Would like to limit access to SOAP. Would it be possible that it listens to a different port than the web frontend. When they share the SSL port, I cannot restrict access by firewall, which makes the SOAP password the only security.

With my previous control panel I could configure it to limit access to clients that have a client certificate installed. Would you please consider adding this feature to LiveConfig? The simplest is to check presence of a client certificate signed by CA (official or selfsigned in the bundle). Extended feature could be to include authenticating through certain certificate fields, for instance the email or serial number field, which makes it possible to identify the client before log-in.