...
When creating a key, you must enter a password to protect it.
The certification authority certificate (caMQTT.crt) must be copied so that the D2000 KOM has access to it (the easiest way is to put it in the application directory) and set the path to it as the "Partner certificate" parameter (#APPDIR#\caMQTT.crt) in the TCP/IP-TCP Redundant line configuration.
2.1 Key creation and certificate signing request for the MQTT broker
...
The broker.crt file (MQTT broker certificate) must be copied to the MQTT server, along with the broker.key file (MQTT broker private key) and the certification authority certificate (caMQTT.crt). It is also recommended to protect the broker.key file (with access rights, encryption) so that only the user under whom the MQTT broker is running has access to it.
The certification authority certificate (caMQTT.crt) must be copied so that the D2000 KOM has access to it (the easiest way is to put it in the application directory) and set the path to it as the "Partner certificate" parameter (#APPDIR#\caMQTT.crt) in the TCP/IP-TCP Redundant line configuration.
3.1 Creating a key and certificate signing request for the MQTT client
...
The myPLC.crt file (MQTT client certificate) must be copied to the MQTT client, along with the myPLC.key file (MQTT client private key) and the certificate authority certificate (caMQTT.crt). It is also recommended to protect the myPLC.key file (with access rights, encryption) so that only the user under whom the MQTT client is running has access to it. The myPLC.crt file must also be copied to the MQTT broker; it will be used to verify the identity of the MQTT client.
4 Repeating the procedure for the D2000 MQTT client
...