Yes. The z/OS Explorer/API toolkit can be configured with 2 connections. one to the z/OS Connect EE server's httpPort and a second the the httpsPort.
For the HTTP & basic authentication
allowFailOverToBasicAuth="true"
should be specified in the webAppSecurity element.
The client certificate authentication would require the z/OS Connect EE server to be configured with:
clientAuthentication="true"
See : https://www.ibm.com/support/knowledgecenter/SSEQTP_liberty/com.ibm.websphere.wlp.doc/ae/rwlp_ssl.html
The z/OS Explorer should be configured to present the client certificate in the z/OS Explorer via the "Edit certificate management preferences" options.
#Support#SupportMigration#z/OSConnect