Hi,
it’d be helpful to me if you let me know where the documentation is incomplete.
In short, what you need to do is to configure a TLS endpoint in the vernemq.conf file. Example for a TLS listener called default:
listener.ssl.default = 127.0.0.1:8883
listener.ssl.default.cafile = /etc/ssl/cacerts.pem
listener.ssl.default.certfile = /etc/ssl/cert.pem
listener.ssl.default.keyfile = /etc/ssl/key.pem
You can configure more, of course (like requesting Client certificates, and more TLS details). But above is basically what you need to do: give VerneMQ the needed information to configure a TLS listener. (cert.pem is the TLS Server certificate, key.pem is the private key of that certificate, cacerts.pem is the file with needed Certificate authorities).