There is a parameters space to enter these things. From the help file we get:
–tls-auth f [d]: Add an additional layer of authentication on top of the TLS control channel to protect against DoS attacks. f (required) is a shared-secret passphrase file. The optional d parameter controls key directionality, see –secret option for more info.
Authentication should be X.509 and Remote CN should be the common name of the remote server you are connecting to, e.g server.zeroshell.com . Better ask your provider about this.