In legacy security subsystem, org.jboss.security.auth.certs.AnyCertVerifier with CertificateDatabase login module is used to populate a principal for a client certificate without client certificate verification. A similar feature for key-store-realm is also required.