Determines when to request a client certificate from an incoming MQTT client connecting via a TLS port. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is "when-enabled-in-message-vpn". The allowed values and their meaning are:

"always" - Always ask for a client certificate regardless of the "message-vpn > authentication > client-certificate > shutdown" configuration.
"never" - Never ask for a client certificate regardless of the "message-vpn > authentication > client-certificate > shutdown" configuration.
"when-enabled-in-message-vpn" - Only ask for a client-certificate if client certificate authentication is enabled under "message-vpn >  authentication > client-certificate > shutdown".

Available since 2.21.

Enumeration Members

ALWAYS: "always"
NEVER: "never"
WHEN_ENABLED_IN_MESSAGE_VPN: "when-enabled-in-message-vpn"