I am considering to use Enterprise plan but I need to understand, how it will work. Will it be possible to forward client certificate to the origin server (may be with worker? ) or I will be able to work with certificate headers only?
Is the mutual TLS the only way to work with clients’ certificates? I highly interested in working with the certificates on the original server. This is why I asked whether it is possible to forward the client certificate to the origin server and validate it there.
In terms of technically possible, no, since CF terminates SSL it cannot pass on the client certificate’s signature; although I believe that if you get enterprise with Cloudflare Spectrum you could tunnel port 443 to your origin and client certs would function perfectly, but at a loss of nearly every other CF feature.