1. Problem description MacOS/X and Windows
If you are attempting to connect using mosquitto_sub and mosquitto_pub from a MacOS/X using TLS (as described here: How to send and receive messages with mosquitto_sub and mosquitto_pub to MyQttHub.com) and it fails, keep reading.
It seems mosquitto support to load system default root certificates to connect to TLS/SSL is not working out of the box for MacOS/X and Windows.
Here you have a long description:
In essence, MacOS/X stores root certificates using something called “Keychain”. That is stored at /Network/Library/Keychains.
However, they are stored in a way that OpenSSL will not be able to understand them (it needs PEM).
Something similar happens with Windows OS.
2. How to solve it (workaround)
So the solution is to take the content from /etc/ssl/certs from a Linux machine (raspberry pi will do too), and place that content into /etc/ssl/certs or into a temporal folder pointed by your --capath command.