The exact steps depend on your setup, but this should give you some hints:
The CA certificate that you generated will be used to sign the server and client-certificates. You need to configure this CA certificate + key in the chirpstack-network-server.toml configuration:
# Gateway settings.
[network_server.gateway]
# CA certificate and key file (optional).
#
# When setting the CA certificate and key file options, ChirpStack Network Server
# will generate client certificates which can be used by the gateway for
# authentication and authorization. The Common Name of the certificate will
# be set to the Gateway ID.
ca_cert=""
ca_key=""
Then you generate a server-certificate and sign this server-certificate with the CA. This server-certificate will be used by the MQTT broker (e.g. Mosquitto). In the MQTT broker you configure the CA certificate, server certificate + key.
As well you change your MQTT broker configuration that it requires a client-certificate from clients connecting to it and that it must use the CN from the client-certificate as username. You probably want to setup an ACL to make sure that clients can only connect to their own topics. For example gateway/%u/# and application/%u/# (in this case the %u would be automatically replaced by the value of the CN field in the client-certificate).
Once you generate the client-certificate within the ChirpStack web-interface, you configure the CA, client-certificate + key in the chirpstack-gateway-bridge.toml file.