SANE allows the use of certificates for authentication, both for server and client.

Client Certificate Authentication

Server Setup

• create server certs (./ssl/create-server-certs.sh)
• create signed client cert (./ssl/create-client-cert.sh <tunnelname>)
• set root certificate in saneserver-config

Client Setup

• load cert&key pair

Server Certificate Authentication

Server Setup

• set/create ssl cert

Client Setup

• load public root key from server