Skip to main content


📄️ Authenticate clients using X.509 certificates

For client authentication, in addition to various password authentication methods, Halon supports X.509 client certificate authentication. During the STARTTLS handshake it's possible for the server (Halon) to ask for a X.509 client certificate (peer certificate). If the client provides a certificate it can later be obtained from the $connection variable. If Halon is acting as a client (delivering mail), you can set a client certificate using the tlsclientcert option to the Try function in the Pre-delivery context.