I have a RemoteAuthenticationHandler that needs to use mTLS. For this purpose, I need to get tls certificate from my certificates store, but I don't want to create a new instance of HttpClient every time when I need to authenticate user. But problem is that if I would use IHttpClientFactory then I don't know how can I check if certificate in HttpClient from IHttpClientFactory is still valid (and if not, how to change certificate contained in HttpClient).
To validate certificate contained in HttpClient I need to get this certificate from HttpClient, but that's not possible (please correct me if I'm wrong). What's more, even if this certificate isn't valid then I can't change certificate used in concrete HttpClient.
So what can I do, if I don't want to create HttpClient every time when I need to authenticate user?