Authentication with client certificates

I use nginx client certificate to access Vaadin Spring Boot app. A user installs the certificate and get access to the app without any further authentication. I’d like to ask if someone already implemented the same scheme and make it works with Websockets. Please, share, how? What I have, on Mac: Chrome generates error 501 on wss:// protocol (as seen in Inspector), Safari wss:// doesn’t work too (it does not pass certificate to WebSocket and web server simply decline it as unauthenticated requests). On Safari for iOS: “WebSocket network error: The operation couldn’t be completed. (OSStatus error -9807.)”. So, Vaadin in all these cases returns to fallback long-polling mode.