The client is using it for server authentication. According to this post Loading SSL keys onto client, which ones? - Help - Let's Encrypt Community Support (letsencrypt.org)
I apologize if this wasn't made clear earlier. Is this not correct?
Thank you very much I will read through this as this is something I need to address. To your earlier point I haven't a clue how I will update these while they are in the field. The only thing in my favor here is that the device isn't doing a whole lot. So firmware is pretty simple.