copercini / esp8266-aws_iot

Some examples using x.509 certificates and TLSv1.2 under Arduino IDE

After AxTLS update to v2.0.0, the ESP8266 can work with TLS v1.2

dielume opened this issue · comments

Hello @copercini, which branch or tag of esp8266 did you clone? I tried with 2.4.0-rc1
but I still get SSL error 42. I tried your mqtt_x509_DER example with the following output:

ail 8
chksum 0x2d
csum 0x2d
vf6d232f1
~ld

Connecting to SIRA
sta config unchangedscandone
scandone
state: 0 -> 2 (b0)
state: 2 -> 3 (0)
state: 3 -> 5 (10)
add 0
aid 4
cnt

connected with SIRA, channel 6
dhcp client start...
...ip:192.168.1.30,mask:255.255.255.0,gw:192.168.1.1
.
WiFi connected
IP address:
192.168.1.30
SPIFFSImpl: allocating 512+180+1400=2092 bytes
SPIFFSImpl: mounting fs @100000, size=2fb000, block=2000, page=100
SPIFFSImpl: mount rc=0
Heap: 33928
Success to open cert file
SPIFFS_read rc=-1
loadObject: reading 861 bytes, got 0
cert not loaded
Success to open private cert file
SPIFFS_read rc=-1
loadObject: reading 1191 bytes, got 0
private key not loaded
Heap: 33592
SPIFFS_close: fd=2
SPIFFS_close: fd=1
Attempting MQTT connection...:ref 1
please start sntp first !
State: sending Client Hello (1)
:wr 129 129 0
:wrc 129 129 0
:sent 129
:rn 1460
:rd 5, 1460, 0
:rdi 1460, 5
:rd 1455, 1460, 5
:rdi 1455, 1455
:c0 1455, 1460
:rn 1460
:rd 1460, 1460, 0
:rdi 1460, 1460
:c0 1460, 1460
:rn 117
:rd 117, 117, 0
:rdi 117, 117
:c0 117, 117
State: receiving Server Hello (2)
State: receiving Certificate (11)
State: receiving Certificate Request (13)
State: receiving Server Hello Done (14)
State: sending Certificate (11)
:wr 12 12 0
:wrc 12 12 0
State: sending Client Key Exchange (16)
:wr 267 267 0
:wrc 256 267 0
:wrc 11 11 0
:wr 6 6 0
:wrc 6 6 0
State: sending Finished (16)
:wr 85 85 0
:wrc 85 85 0
:sent 12
:rn 7
:rcl
:abort
:rd 5, 7, 0
:rdi 7, 5
:rd 2, 7, 5
:rdi 2, 2
:c0 2, 7
Alert: bad certificate
Error: SSL error 42
Alert: unexpected message
Alert: close notify
failed, rc=-2 try again in 5 seconds

Thanks in advance

Alert: bad certificate

Amazon refuses the communication because your certificates are invalid.
Double-check your client certificates.

@copercini Thanks for the early reply:

I found the error: WiFiClientSecure can't load my certificate and my key:
Success to open cert file
SPIFFS_read rc=-1
loadObject: reading 861 bytes, got 0
cert not loaded
Success to open private cert file
SPIFFS_read rc=-1
loadObject: reading 1191 bytes, got 0
private key not loaded

Both are DER files and I followed your instructions:
Converting PEM to DER format: (On Windows you should download openssl first)
$ openssl x509 -in aaaaaaaaa-certificate.pem.crt.txt -out cert.der -outform DER
$ openssl rsa -in aaaaaaaaaa-private.pem.key -out private.der -outform DER

Could it be the branch?
Thanks

It's some problem in SPIFFS.

Try changing the SPIFFS size in the Arduino menu and upload again using arduino-esp8266fs-plugin.

@copercini I changed Flash Size from 4M(3M SPIFFS) to 4M(1M SPIFFS). The cert and key can be loaded now, and apparently Amazon accepts my certificates, but I receive an Alert: close notify and it disconnects.

This is my log:

8
chksum 0x2d
csum 0x2d
vf6d232f1
~ld

Connecting to SIRA
sta config unchangedscandone
scandone
state: 0 -> 2 (b0)
state: 2 -> 3 (0)
state: 3 -> 5 (10)
add 0
aid 4
cnt

connected with SIRA, channel 6
dhcp client start...
...ip:192.168.1.30,mask:255.255.255.0,gw:192.168.1.1
.
WiFi connected
IP address:
192.168.1.30
SPIFFSImpl: allocating 512+180+1400=2092 bytes
SPIFFSImpl: mounting fs @300000, size=fb000, block=2000, page=100
SPIFFSImpl: mount rc=0
Heap: 33720
Success to open cert file
cert loaded
Success to open private cert file
private key loaded
Heap: 26528
SPIFFS_close: fd=2
SPIFFS_close: fd=1
Attempting MQTT connection...:ref 1
State: sending Client Hello (1)
:wr 129 129 0
:wrc 129 129 0
:sent 129
:rn 1460
:rd 5, 1460, 0
:rdi 1460, 5
:rd 1455, 1460, 5
:rdi 1455, 1455
:c0 1455, 1460
:rn 1460
:rd 1460, 1460, 0
:rdi 1460, 1460
:c0 1460, 1460
:rn 117
:rd 117, 117, 0
:rdi 117, 117
:c0 117, 117
State: receiving Server Hello (2)
State: receiving Certificate (11)
State: receiving Certificate Request (13)
State: receiving Server Hello Done (14)
State: sending Certificate (11)
:wr 876 876 0
:wrc 256 876 0
:wrc 256 620 0
:wrc 256 364 0
:wrc 108 108 0
State: sending Client Key Exchange (16)
:wr 267 267 0
:wrc 256 267 0
:wrc 11 11 0
:sent 876
:sent 267
State: sending Certificate Verify (15)
:wr 269 269 0
:wrc 256 269 0
:wrc 13 13 0
:wr 6 6 0
:wrc 6 6 0
State: sending Finished (16)
:wr 85 85 0
:wrc 85 85 0
:sent 269
:sent 91
:rn 91
:rd 5, 91, 0
:rdi 91, 5
:rd 1, 91, 5
:rdi 86, 1
:rd 5, 91, 6
:rdi 85, 5
:rd 80, 91, 11
:rdi 80, 80
:c0 80, 91
State: receiving Finished (16)
:wr 85 85 0
:wrc 85 85 0
:sent 85
:rn 69
:rcl
:abort
:rd 5, 69, 0
:rdi 69, 5
:rd 64, 69, 5
:rdi 64, 64
:c0 64, 69
Alert: close notify
pm open,type:2 0
:ur 1
:del
failed, rc=-4 try again in 5 seconds
Attempting MQTT connection...:ref 1
State: sending Client Hello (1)
:wr 129 129 0
:wrc 129 129 0
:sent 129
:rn 1460
:rd 5, 1460, 0
:rdi 1460, 5
:rd 1455, 1460, 5
:rdi 1455, 1455
:c0 1455, 1460
:rn 1460
:rd 1460, 1460, 0
:rdi 1460, 1460
:c0 1460, 1460
:rn 117
:rd 117, 117, 0
:rdi 117, 117
:c0 117, 117
State: receiving Server Hello (2)
State: receiving Certificate (11)
State: receiving Certificate Request (13)
State: receiving Server Hello Done (14)
State: sending Certificate (11)
:wr 876 876 0
:wrc 256 876 0
:wrc 256 620 0
:wrc 256 364 0
:wrc 108 108 0
State: sending Client Key Exchange (16)
:wr 267 267 0
:wrc 256 267 0
:wrc 11 11 0
:sent 876
:sent 267
State: sending Certificate Verify (15)
:wr 269 269 0
:wrc 256 269 0
:wrc 13 13 0
:wr 6 6 0
:wrc 6 6 0
State: sending Finished (16)
:wr 85 85 0
:wrc 85 85 0
:sent 269
:sent 91
:rn 91
:rd 5, 91, 0
:rdi 91, 5
:rd 1, 91, 5
:rdi 86, 1
:rd 5, 91, 6
:rdi 85, 5
:rd 80, 91, 11
:rdi 80, 80
:c0 80, 91
State: receiving Finished (16)
:wr 85 85 0
:wrc 85 85 0
:sent 85
:rn 69
:rd 5, 69, 0
:rdi 69, 5
:rd 64, 69, 5
:rdi 64, 64
:c0 64, 69
:wr 69 69 0
:wrc 69 69 0
Alert: close notify
:rcl
:abort
:ur 1
:del
failed, rc=-4 try again in 5 seconds
Attempting MQTT connection...:ref 1
State: sending Client Hello (1)

@copercini Many thanks for all the help!
I can finally do it; my Policy was the final step. I forgot to enable the connections in the Policy.
Very grateful.
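
An added example, not part of the thread or the repository: a small Python triage of the debug output posted above. It flags the 12-byte Certificate message (an empty certificate list, versus 876 bytes = 12 + 3 + 861 once the 861-byte DER file loads) and the case where the handshake finishes before `close notify`. The finding codes and the reading of the first `:wr` number as a byte count are assumptions.

```python
import re

# Constructed samples: lines condensed from the two logs posted in this thread.
LOAD_FAILURE_LOG = """\
SPIFFS_read rc=-1
loadObject: reading 861 bytes, got 0
cert not loaded
loadObject: reading 1191 bytes, got 0
private key not loaded
State: sending Certificate (11)
:wr 12 12 0
Alert: bad certificate
Error: SSL error 42
"""
POLICY_LOG = """\
cert loaded
private key loaded
State: sending Certificate (11)
:wr 876 876 0
State: sending Certificate Verify (15)
State: receiving Finished (16)
Alert: close notify
"""

# TLS record header (5) + handshake header (4) + certificate_list length (3):
# a Certificate message of exactly this size carries no certificate at all.
EMPTY_CERT_MSG = 12

def triage(log):
    """Return diagnosis codes for an ESP8266 axTLS debug log (added example)."""
    lines = log.splitlines()
    found = []
    for want, got in re.findall(r"loadObject: reading (\d+) bytes, got (\d+)", log):
        if int(got) < int(want):
            found.append(f"SHORT_READ:{got}/{want}")
    for i, line in enumerate(lines[:-1]):
        # Assumption: the first number on the ':wr' line after the state
        # line is the size of the Certificate record being written.
        m = re.match(r":wr (\d+)", lines[i + 1])
        if line.startswith("State: sending Certificate (11)") and m:
            if int(m.group(1)) == EMPTY_CERT_MSG:
                found.append("EMPTY_CLIENT_CERTIFICATE")
    if "Error: SSL error 42" in log:
        found.append("TLS_ALERT_42_BAD_CERTIFICATE")
    handshake_done = "State: receiving Finished (16)" in log
    if handshake_done and "Alert: close notify" in log and "SSL error" not in log:
        # TLS succeeded; the broker closed afterwards (in this thread: the IoT policy).
        found.append("CLOSED_AFTER_HANDSHAKE_CHECK_POLICY")
    return found
```
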