SSL configuration can be quite tricky to get right, and in some cases can completely lockout the clients. Attached document describes the end to end SSL configuration on Broker Server and clients. It also includes a section on how to recover if locked out of Broker due to SSL misconfiguration.
Attachements also include sample SSL certificates. Password for keystores is "active".