Configuring the PIV/CAC or X.509 Certificate authentication method
If you want to use certificate authentication, you must first create the server truststore so that the server trusts the client certificates.
The server truststore is a single file that contains the client issuing certificate chain.