How do I connect using TLS (SSL)? Where do I find cert and key files?

If you connect by TLS/SSL, add --capath or --cafile and point it to a cert store. Our server cert is signed by Comodo, which has the AddTrust CA as root. Most OSs comes with it by default, so can you point to your default trust/CA store. (example: --cafile=/etc/ssl/certs/ca-certificates.crt) If you don't have a trust store you can download the AddTrust/Comodo root cert from https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/979/108/domain-validation-sha-2

More information can be found here, under Certificate based SSL/TLS Support. You also need to use the port for MQTT over TLS (see above).