Hello again, glad that you got it working in Linux first. Now on to the device itself. I see some comments here that I will try to correct and answer.
Firstly, there is no need to generate certificates. The certificate in MQTT is used to verify and encrypt the connection to the server (the server sends the cert to the client). Not as authentication with client-certificates. This means that your device will need to have the certificate chain for verification installed but does not need to generate anything. This is the same procedure as HTTPS
IoT Open is using certificates issued by LetsEncrypt for all cloud solutions. This means that the whole LetsEncrypt certificate chain need to be installed on the device. Their site has well documented procedures and download links to the root and intermediate certificates needed. The HTTPS certificate is also used for MQTT, so the easiest way to look this up would be to click in your browser on "certificate information" after going to the web page. This shows that the current certificate on
https://lynx.iotopen.se is issued by
LetsEncrypt R3 which in turn is signed by
ISRG Root X1.