how to add certificates in order to setup TLS

Hi, I am trying to setup TLS web socket but I am getting NO_SHARED_CIPHER during handshakes. normal WS server connects properly but I need to get it into WSS version. I believe I am missing some sorts of certificates (maybe like P12?) but I have never set up TLS before. How do I import certificates or which sec_protocol_options should I use?

my current TLS code is this

 init(port: UInt16) {

        //15881 ws 15882 wss

        self.port = NWEndpoint.Port(rawValue: 15882)!

        let workQueue = DispatchQueue(label: "mqtt")

    

        parameters = NWParameters(tls: SwiftWebSocketServer.tlsOptions(psk: "1234", pskIdentity: "1234", queue: workQueue))

        //parameters = NWParameters(tls: nil)

        parameters.allowLocalEndpointReuse = true

        parameters.includePeerToPeer = true

        let wsOptions = NWProtocolWebSocket.Options()

        wsOptions.autoReplyPing = true

        

        parameters.defaultProtocolStack.applicationProtocols.insert(wsOptions, at: 0)

        listener = try! NWListener(using: parameters, on: self.port)

    }

    private static func tlsOptions(psk: String, pskIdentity: String,queue: DispatchQueue) -> NWProtocolTLS.Options {

        

        let tlsOptions = NWProtocolTLS.Options()

        let allowInsecure = true

        //   let pskData = Data(psk.utf8)

        let authenticationKey = SymmetricKey(data: psk.data(using: .utf8)!)

        var authenticationCode = HMAC<SHA256>.authenticationCode(for: "1234".data(using: .utf8)!, using: authenticationKey)

        let authenticationDispatchData = withUnsafeBytes(of: &authenticationCode) { (ptr: UnsafeRawBufferPointer) in

            DispatchData(bytes: ptr)

        }        

        let pskIdentityData = Data(pskIdentity.utf8)

        let pskIdentityDispatchData = pskIdentityData.withUnsafeBytes { buf in

            DispatchData(bytes: buf)

        }
    sec_protocol_options_set_min_tls_protocol_version(tlsOptions.securityProtocolOptions, .TLSv12)

        sec_protocol_options_append_tls_ciphersuite(

            tlsOptions.securityProtocolOptions,

            tls_ciphersuite_t(rawValue: UInt16(TLS_PSK_WITH_AES_128_CBC_SHA256))!

        )

        sec_protocol_options_append_tls_ciphersuite(

            tlsOptions.securityProtocolOptions,

            tls_ciphersuite_t(rawValue: UInt16(TLS_PSK_WITH_AES_128_GCM_SHA256))!

        )

        sec_protocol_options_append_tls_ciphersuite(

            tlsOptions.securityProtocolOptions,

            tls_ciphersuite_t(rawValue: UInt16(TLS_PSK_WITH_AES_256_CBC_SHA384))!

        )

        sec_protocol_options_append_tls_ciphersuite(

            tlsOptions.securityProtocolOptions,

            tls_ciphersuite_t(rawValue: UInt16(TLS_PSK_WITH_AES_256_GCM_SHA384))!

        )

        sec_protocol_options_set_verify_block(tlsOptions.securityProtocolOptions, { (sec_protocol_metadata, sec_trust, sec_protocol_verify_complete) in

            

            let trust = sec_trust_copy_ref(sec_trust).takeRetainedValue()

            

            var error: CFError?

            if SecTrustEvaluateWithError(trust, &error) {

                sec_protocol_verify_complete(true)

            } else {

                if allowInsecure == true {

                    sec_protocol_verify_complete(true)

                } else {

                    sec_protocol_verify_complete(false)

                }

            }

            

        }, queue)

        sec_protocol_options_set_peer_authentication_required(tlsOptions.securityProtocolOptions, false)

        sec_protocol_options_add_pre_shared_key(

            tlsOptions.securityProtocolOptions,

            authenticationDispatchData as __DispatchData,

            pskIdentityDispatchData as __DispatchData

        )

        return tlsOptions

    }

    
``
how to add certificates in order to setup TLS
 
 
Q