回答我自己的问题. 下面是密钥库/信任库及其内容的映射

Answering my own question. Below is the mapping of the keystore/truststore and its contents

• 经纪人密钥库:捆绑到PKCS12文件中的服务器密钥对
• 经纪人信任库:根证书
• 客户端密钥库:捆绑到PKCS12文件中的客户端密钥对
• 客户端信任库:根证书

这是正确的配置，现在一切正常. 不能完全确定为什么为MQTT配置证书的地方很少.我查看了许多HTTPS示例，并了解到必须将证书添加到密钥库和信任库中，如上所示.

This is the correct configuration and things are working fine now. Not entirely sure why there's so little out there about configuring certificates for MQTT. I looked at a bunch of HTTPS examples and learnt that the certificates must be added into the keystores and truststores as shown above.