Okey I found that you have to load your certificate and private key in the client side code:

await client.load_client_certificate(cert)
await client.load_private_key(private_key)

now I'm able to connect to my server using my cert and the TrustStore However, I'm not sure I'm using these mechanisms correctly:

I tried to connect with a self-signed client certificate, the server refuses me the connection which seems to be a good point.

But if I disable the truststore on the client and server side and use the client certificate signed by my CA, I'm still able to authenticate myself and connect, is this normal?

From what I understand, the certificateUserManager is only useful for managing self-signed certificates, which is not my use case.