@TRS-80 [Love the uname BTW] - There are certs on the MQTT broker as well as client certs.
I have been under the belief that both client and server (broker) were needed for encrypted communication (TLS). What I think I may be coming to wonder is if the broker’s certs are actually used to encrypt the communication. Then, similar to ssh, you can log in via uname/passwd or use a cert on the client. I’m thinking that is what @edolis may have accomplished, encrypted communication but uname/passwd authentication allowed rather than using a cert for authentication, but to be honest I’m not sure.
If what I said above is true, I guess what I am trying to understand is how to import my certs into the openHAB MQTT client to use for authentication to the MQTT broker over TLS.