How can I configure a webapp to request a client certificate or basic authentication if no client certificate is available?