The certificate profile is available for both the TLS server and the TLS client. The cert-profile command is configured for the server or client to transmit the provider certificate and its DS to the peer so that the peer can authenticate it via the trust-anchor and CA certificate.
Multiple provider certificates can be configured on SR OS; however, SR OS currently uses the smallest index as the active provider certificate, and only sends the certificate to the peer.