If the client provides a certificate, the server checks the common name (CN) field against local CN configurations. The CN is validated via the client IPv4/IPv6 address or FQDN. If the common-name list authentication option is not enabled on the server, it uses certificate signature authentication instead.