Here’s how to do it:
Add this parameter to URI in mqtt transportConnector (in your conf/activemq.xml config).
The need for this? I had a set of keys+certificates that were working perfectly fine on RabbitMQ, but on ActiveMQ I was getting “KeyUsage does not allow digital signatures” errors on client when it was validating server’s certificate.
I had no idea why this happened, googling revealed some fragmented info, in general I understood that my server’s certificate had “extension” “key usage” that indicated it didn’t allow (support?) digital signatures.