nrf9160 mqtt simple example configured to talk to test.mosquitto.org using mutual TLS on port 8884?

Is there a configuration / sample available of mqtt simple to talk to the mosquitto server using an authenticated client on port 8884? I saw a message on here that was about 2 years old that looked like it was trying to solve the same issue, but the modified sample code does not seem to build with the latest SDK.

Mosquitto has instructions for building the private key and signing the certificate using openssl and a webpage to paste the csr into.

Thank you in advance.

  • We were able to configure the CA, device public cert (signed by Mosquitto), and device private key (generated locally by openssl) using the Certificate Manager in the LTE Link Monitor and get it to connect to mosquitto's port 8884.

    We tried using what we thought was the correct interface (modem_key_mgmt_write) to programmatically set the above information, but that did not work. No error was returned. Is that expected to be in PEM format or does it need to be the un-base64'd binary of the key/cert?

    I read the comments about using the link manager to pre-program the security information, but did want to understand how to do it programmatically.

    We also tried connecting to port 8887, which has an intentionally expired certificate, and using the verify_peer set to 2 (required) it doesn't fail, which I would expect. How can I turn on logging in the modem or TLS so I can see why the expired certificate is not being flagged?

    Thank you.
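
Added example, not part of the original post and not code from Nordic's SDK: the post asks whether the buffer passed to modem_key_mgmt_write should be PEM text or the decoded binary (DER), and notes that the call returned no error. The hypothetical helper `classify_credential` below tells the two encodings apart and flags truncated or mismatched PEM armor, so a buffer can be checked and logged before it is written; it does not settle which encoding the modem expects.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical names for illustration; none of these come from the nRF SDK. */
enum cred_encoding { CRED_UNKNOWN, CRED_PEM, CRED_PEM_BROKEN, CRED_DER };

/* Bounded substring search; the buffer need not be NUL-terminated. */
static const char *find(const char *buf, size_t len, const char *needle)
{
    size_t n = strlen(needle);
    for (size_t i = 0; n <= len && i <= len - n; i++)
        if (memcmp(buf + i, needle, n) == 0)
            return buf + i;
    return NULL;
}

/* DER: ASN.1 SEQUENCE tag 0x30 whose length field covers the whole buffer. */
static int is_der_sequence(const unsigned char *p, size_t len)
{
    size_t hdr = 2, body = 0;
    if (len < 2 || p[0] != 0x30) return 0;
    if (p[1] < 0x80) {
        body = p[1];                      /* short form: one length byte */
    } else {
        hdr += p[1] & 0x7f;               /* long form: next N bytes hold the length */
        if (hdr == 2 || hdr > 6 || len < hdr) return 0;
        for (size_t i = 2; i < hdr; i++)
            body = (body << 8) | p[i];
    }
    return body == len - hdr;
}

enum cred_encoding classify_credential(const void *data, size_t len)
{
    const char *buf = data;
    const char *begin = find(buf, len, "-----BEGIN ");
    if (begin == NULL)
        return is_der_sequence(data, len) ? CRED_DER : CRED_UNKNOWN;
    const char *label = begin + 11;       /* text after "-----BEGIN " */
    size_t left = len - (size_t)(label - buf);
    const char *label_end = find(label, left, "-----");
    const char *end = find(label, left, "-----END ");
    if (label_end == NULL || end == NULL || end < label_end + 5)
        return CRED_PEM_BROKEN;           /* header unterminated or footer missing */
    size_t label_len = (size_t)(label_end - label);
    size_t tail = len - (size_t)(end + 9 - buf);   /* bytes after "-----END " */
    if (tail < label_len + 5 || memcmp(end + 9, label, label_len) != 0 ||
        memcmp(end + 9 + label_len, "-----", 5) != 0)
        return CRED_PEM_BROKEN;           /* END label does not match BEGIN label */
    return CRED_PEM;
}
```

Calling `classify_credential(buf, len)` on the exact pointer and length about to be provisioned also catches a length that cuts off the `-----END` line, which is reported as `CRED_PEM_BROKEN`.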
