Here is the documentation on using client cert for authentication
Here is a sample implementation:
event.container.ssl.client.set_trusted_ca_db(path to CA public key)
event.container.ssl.client.set_peer_authentication(SSLdomain.Verify_peer)
event.container.ssl.client.set_credentials(certpath,keypath)
here i understand that path to CA public key is the public key of the CA which is signing the cert on the broker. which is verified by the client for encryption using SSLdomain.verify_peer
the set_credential(certpath) is the path to the client CA signed cert
is the keypath the private key corresponding to the public key used in the CSR for the client certificate? if so is this just used in the verifycertificate call during the client authentication?