Date: 2023-10-27

One of the lesser-used aspects of TLS is that TLS clients can send a certificate to the TLS server, in addition to the server sending one to clients. In private deployments, these client certificates are often issued by a private Certificate Authority, possibly with custom fields that are understood by the software involved. However, you can also use conventional public TLS certificates for hosts as client certificates, and there are situations where you might want to do this. For a non-hypothetical example, you might want to verify some sort of 'identity' of third-party SMTP mail sending machines that are contacting your (public) SMTP server in order to give them extra privileges.
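
The following is an added example, not code from the original post: a sketch in Python of the server side of the SMTP case, where a client certificate is requested, validated against public CA roots, and then mapped to an allowlist of sending hosts. The allowlist contents and all function names are assumptions made for illustration.

```python
import ssl

# Assumed allowlist of sending hosts that earn extra privileges (constructed names).
PRIVILEGED_SENDERS = {"mx1.partner.example", "outbound.mail.example"}


def make_server_context(certfile, keyfile):
    """Server-side context that requests (but does not require) a client
    certificate and validates any certificate sent against the system's
    public CA roots."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(certfile, keyfile)
    ctx.load_default_certs(ssl.Purpose.CLIENT_AUTH)
    ctx.verify_mode = ssl.CERT_OPTIONAL  # clients without a cert still connect
    return ctx


def cert_dns_names(peercert):
    """DNS subjectAltName entries from the dict SSLSocket.getpeercert() returns.
    getpeercert() gives None when the client sent no certificate."""
    if not peercert:
        return []
    return [value.lower().rstrip(".")
            for kind, value in peercert.get("subjectAltName", ())
            if kind == "DNS"]


def name_matches(cert_name, host):
    """Exact match, or a '*.' wildcard covering exactly one leftmost label."""
    if cert_name.startswith("*."):
        first, _, rest = host.partition(".")
        return bool(first) and rest == cert_name[2:]
    return cert_name == host


def privileged_sender(peercert, allowed=PRIVILEGED_SENDERS):
    """Return the allowlisted host name the certificate vouches for, else None.
    Chain validation only proves control of a name; the allowlist decides
    whether that name gets anything extra."""
    names = cert_dns_names(peercert)
    for host in sorted(allowed):
        if any(name_matches(n, host) for n in names):
            return host
    return None
```

After the handshake, the server would call `privileged_sender(tls_socket.getpeercert())` and grant the extra privileges only when it returns a host name.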