Why should the private key be used in solace client authentication?
I see that we provide a path to a .key file which is the private key for client authentication using client certificates . I really want to understand why this is done?
a) where is the private key being used?
b) is it a secure practice to pass private keys? especially if the server is sitting in a vendor infrastructure which is vendor owned?
c) If the vendor get hold of the private key , can this key be used as a signing key for any certificates the vendor wants to spin up?
d) How is this superior to basic auth?