After searching and investigating various X509 libs for django I found this https://github.com/openwisp/django-x509 IMHO looks the best - even CA and certificate generation are present in admin UI.
However, thinking now, how to use it the best way in my case - please, see short description and image below
Data entry to the site should be done using two ways - automated POST from standalone application using certificate authentication, and regular https for data watch and manual entry (sorry 4 typo in the image). It's important to remember, that application is standalone - no {% csrf_token %} in it indeed.
So, general advice is needed.
IMHO, the best way is to use cert authentication on the automated POST URL only, with password for other pages, but how?
If mentioned above is not possible - needed to make two apps with sharing data model in common database to x509 app. Found 1 reply for sharing question with -1 rep here, not sure, that workable - advice is welcome. In addition. may happen user management problems in 2 apps etc, I think, that the first method is better.
BTW, if the lib authors are here - sample of integration into existing site environment is greatly needed indeed.
