When client authentication is enabled, the server notifies the clients upon TLS connection setup of the names of the CAs which it accepts as signatories of client certificates. These name are taken from the certificates in the file specified by the-Z AcceptableClientCAFile option. The individual certificates in PEM format are arranged sequentially in this file.
You can process the file with a text editor of your choice when you wish to add or delete certificates. The individual certificates are registered in the file as follows:
-----BEGIN CERTIFICATE----< CA certificate in Base64 encoding > -----END CERTIFICATE-----
Text outside these sequences is ignored by the TELNET server and can therefore be used to identify the certificates which, owing to the ASN.1/Base64 encoding, are available in nonreadable form.
-Z AcceptableClientCAFile |
={<file-name 1..54> | *NONE} |
<file-name 1..54>
Name of the file.
*NONE
No file is specified.
*NONE is the default.