using proper host-certs - and disabling authtokens as this currently prevents submission of jobs with pure x509