I'm preparing to upgrade from ZCM 11.2 to 11.3 and have a question about using client certificates for identifying the remote operator. As our zone is set up with external CA, I intend to use this option. What I didn't find from the docs is whether the client certificate is mandatory. If someone has necessary rights to perform remote control but doesn't have the client certificate, can they still perform remote control without supplying the certificate and be identified as 'Unknown user'? If this isn't possible then I will have to distribute client certificates to all remote operators *before* the server upgrade.