https://docs.goshs.de/en/usage/authentication/cert/index.html Use certificate based authentication with client certificates If you already have a CA you could provide goshs with the CA certificate and this will activate certificate based authentication. Any certificate that is signed by the CA can now be used to authenticate against the server. Info You will need to combine this option with TLS in any form to work. So choose -s and then either: Hugo en-US