If the client provides a certificate upon request by the server, SR OS checks the certificate’s common name (CN) field against local CN configurations. The CN is validated via the client IPv4/IPv6 address or FQDN.
If cn-authentication is not enabled, SR OS does not authenticate via the CN field and only relies on certificate signature authentication.