  1. Security Subcommittee
  2. SECCOM-253

Add DCAE requirement to support HTTPS authentication with certificates and basic auth


      PROPOSED REQUIREMENT: DCAE VES Event Listener MUST authenticate an HTTPS client as follows:
      1. For a client with a certificate, DCAE VES Event Listener MUST validate the certificate according to RFC 5280 and if the certificate is valid, DCAE VES Event Listener MUST pass the client authentication and MUST use the Subject Name in the certificate as the client identity for authorization.
      2. For a client with no certificate, DCAE VES Event Listener MUST validate the basic authentication credentials in the Authorization header according to RFC 7617 and if the basic authentication credentials are valid, DCAE VES Event Listener MUST pass the client authentication and MUST use the username in the Authorization header as the client identity for authorization.
      3. For a client with no or an invalid certificate and with no or incorrect basic authentication credentials, DCAE VES Event Listener MUST fail the client authentication.
      Note: If a certificate is provided by the xNF but it is invalid, DCAE will not fall back to the basic authentication credentials, even if they are provided by the xNF.

      REASON:  Add DCAE requirement to authenticate HTTPS by checking for the certificate first and ensure DCAE does not fall back to basic auth if the certificate is invalid.
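
The decision order in the proposed requirement, as an added example that is not part of the original issue or of DCAE's code. The function names, the `USERS` store and the sample values are constructed; RFC 5280 path validation is assumed to be done by the TLS layer, whose outcome is passed in as `cert_valid` and `cert_subject`.

```python
import base64
import binascii
import hmac
from typing import Optional, Tuple

# Constructed credential store for the example; a real listener would hold
# salted password hashes, not plaintext.
USERS = {"vnf-sample": "s3cret:with-colon"}


class AuthFailed(Exception):
    """Client authentication failed (requirement case 3)."""


def parse_basic(header: Optional[str]) -> Optional[Tuple[str, str]]:
    """Parse an RFC 7617 Authorization header; None if absent or malformed."""
    if not header:
        return None
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # RFC 7617: the user-id cannot contain ':', the password may.
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None


def authenticate(cert_presented: bool, cert_valid: bool,
                 cert_subject: Optional[str], auth_header: Optional[str]) -> str:
    """Return the client identity to use for authorization, or raise AuthFailed."""
    if cert_presented:
        # Case 1, and the Note: a presented certificate decides the outcome
        # alone; the Authorization header is never consulted.
        if cert_valid and cert_subject:
            return cert_subject
        raise AuthFailed("invalid certificate; no fallback to basic auth")
    creds = parse_basic(auth_header)  # case 2: no certificate at all
    if creds is None:
        raise AuthFailed("no certificate and no usable basic credentials")
    user, password = creds
    expected = USERS.get(user, "")
    ok = hmac.compare_digest(password.encode(), expected.encode())
    if user not in USERS or not ok:
        raise AuthFailed("incorrect basic credentials")
    return user
```
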

            lshorn lshorn