Shoot mTLS request with wrong private key
For testing the security of a service using mTLS for authentication, I need a client able to send the correct client certificate but then use the wrong key (i.e. a private key that does not correspond to the public key of the client certificate).
I want to make sure the tested service will fail the validation of the CertificateVerify message (a message that contains a signature made with the private key, and meant to be verified by the server using the public key of the client certificate). I can’t just do: