diff --git a/changelog.d/mqtt_source_mutual_TLS.fix.md b/changelog.d/mqtt_source_mutual_TLS.fix.md
new file mode 100644
index 0000000000000..9d1c52d65c370
--- /dev/null
+++ b/changelog.d/mqtt_source_mutual_TLS.fix.md
@@ -0,0 +1,3 @@
+Fixed a bug in the `mqtt` source where user-provided TLS client certificates (`crt_file` / `key_file`) were being silently ignored, breaking mTLS connections to strict brokers like AWS IoT Core.
+
+authors: mr-
diff --git a/src/sources/mqtt/config.rs b/src/sources/mqtt/config.rs
index 635751a3a1b0a..92b8cd78f6a5b 100644
--- a/src/sources/mqtt/config.rs
+++ b/src/sources/mqtt/config.rs
@@ -148,7 +148,7 @@ impl MqttSourceConfig {
 if let Some(tls) = tls.tls() {
 let ca = tls.authorities_pem().flatten().collect();
- let client_auth = None;
+ let client_auth = tls.identity_pem();
 let alpn = Some(vec!["mqtt".into()]);
 options.set_transport(Transport::Tls(TlsConfiguration::Simple {
 ca,
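Review bot: No test visible in this change pins the new `let client_auth = tls.identity_pem();` line in `src/sources/mqtt/config.rs`, although the previous hard-coded `None` failed silently and a later refactor could drop the identity again unnoticed. A unit test that builds the source's MQTT options from a config with `crt_file` and `key_file` set, and asserts the TLS transport carries a client identity, would guard this; other files of the commit may already add one, which cannot be seen from here. The line would also benefit from a why-comment, e.g. `// Pass the configured client certificate and key so brokers that require mutual TLS can authenticate this source.` The enclosing `if let Some(tls)` block continues past the end of the hunk.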