...
In order to detect and block man-in-the-middle attacks, clients adds an extra step beyond the normal X.509 certificate validation. After obtaining the server's certificate in the standard TLS handshake, the client checks the public key in the server's certificate chain against a hash of public key for the server name.
Available optionally only for on-premise solution.
Mutual authentication with X.509 certificate
...