This is my use case and i want to connect using TLS.
I have configured the MQTT broker / Chirpstack according to the following instructions:
https://www.chirpstack.io/docs/guides/mosquitto-tls-configuration.html
How do I have to configure the forwarder? Is there a guide for this?
Is that the only configuration one needs to do for TLS? If so, it’s now clear to me why I couldn’t find any further information. 
# MQTT server (e.g. scheme://host:port where scheme is tcp, ssl or ws)
server="ssl://[Server-IP]:1883"
See also (same page as @bconway mentioned):
# CA certificate file (optional)
#
# Use this when setting up a secure connection (when server uses ssl://...)
# but the certificate used by the server is not trusted by any CA certificate
# on the server (e.g. when self generated).
ca_cert=""
# TLS certificate file (optional)
tls_cert=""
# TLS key file (optional)
tls_key=""
Thx!
Does anyone have a guide on how to create certificates on KerlinkOS?