Backend should validate that certificates is valid for the address that used it
Currently it is possible to setup partner certificate in manager that are refused by gateway. It should be easy to add a check to verify that the certificate has a SAN corresponding to the interface address.