If this parameter is set to enable, a client’s user name is always extracted from the CN field of the client’s digital certificate, if the digital certificate is specified.
ssl_use_cert_username = enable | disable
If a different username is provided through the connection factory or API calls, then that username is discarded. Only the username from the CN is used.
The CN field is either a username, an email address, or a web address.
Note: When
ssl_use_cert_username is enabled, the username given by the CN becomes the only valid username. Any permissions associated with a different username, for example one assigned with an API call, are ignored.