is it possible to get client certificate authentication based on realms ? ,
without to enable client certificate on the external port
i would like :
user realm 1 = radius authentication logon
user realm 2 = certificate based logon
Well you don't enable the client cert on the port. You simply install it under the "Trusted Client CA" component of certificate setup and make sure to enable it for client auth. You then do exactly as you indicated specify the appropriate auth server for each realm. Works without any hiccups.
You can even use your cert-server as primary auth in your realm 2 and then do a secondary against LDAP or whatever for 2-factor.
The above link could also give you more information on how you can configure the settings.