Benjamin Schmid

@EdJoPaTo At least my credentials are production credentials used over the internet and I do not want to risk to expose them to an untrusted source. And I also want...

See the overview on https://test.mosquitto.org/ : > For ports 8883 and 8884 you should use the certificate authority file ([mosquitto.org.crt (PEM format)](https://test.mosquitto.org/ssl/mosquitto.org.crt), or [mosquitto.org.der (DER format)](https://test.mosquitto.org/ssl/mosquitto.org.der)) to verify the server...

Yes, from my point of view `--insecure` works as it should.