AWS IoT Core Now Supports HTTP REST APIs with X.509 Client Certificate-Based Authentication On Port 443

Posted on: Mar 22, 2019

Beginning today, you can call AWS IoT Core's HTTPS Publish API with certificate-based client authentication on port 443. Previously this combination of protocol and authentication mechanism was only supported on port 8443.  

Corporate firewalls and home routers often block traffic on all ports except port 443, which is the standard port for HTTPS (HTTP over TLS). With this update, AWS IoT Core enables you to deploy IoT devices using X.509 client certificates for authentication without requiring changes to firewalls. This is especially beneficial for those who need to deploy devices into environments where IT infrastructure is managed by third parties and changes are hard to achieve.

HTTPS with X.509 client certificate-based authentication on port 443 (via TLS ALPN) is now supported in all regions where AWS IoT Core is available.

To learn more and get started:

  • Ensure that the TLS library on your devices supports the Application-Layer Protocol Negotiation (ALPN) TLS extension. Most common TLS implementations, including OpenSSL and mbedTLS, support this extension.
  • Refer to the “Protocols” page of the AWS IoT Developer Guide for the specific ALPN ProtocolName to use.
  • To learn more about ALPN in general, refer to the AWS IoT Blog post on sending MQTT traffic over port 443.
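
As an added illustration (not AWS sample code), the Python sketch below offers the ALPN protocol name on port 443, presents the device certificate, and refuses to send the publish request unless the server actually selected that protocol. Assumptions: the ALPN name `x-amzn-http-ca` and the `/topics/<topic>?qos=<n>` request path should be confirmed against the AWS IoT Developer Guide, and the endpoint and certificate file paths passed to `publish` are your own values.

```python
import http.client
import ssl
from urllib.parse import quote

# Assumption: ALPN ProtocolName for HTTPS + X.509 client certs on port 443;
# confirm against the "Protocols" page of the AWS IoT Developer Guide.
ALPN_HTTP_CLIENT_CERT = "x-amzn-http-ca"


def build_context(alpn, certfile=None, keyfile=None, cafile=None):
    """TLS client context: server verification on, ALPN offered, client cert loaded."""
    if not ssl.HAS_ALPN:
        raise RuntimeError("this TLS library was built without ALPN support")
    ctx = ssl.create_default_context(cafile=cafile)  # CERT_REQUIRED + hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_alpn_protocols([alpn])
    if certfile:  # device certificate and private key (PEM)
        ctx.load_cert_chain(certfile, keyfile)
    return ctx


def require_alpn(selected, expected):
    """Fail closed if the server did not select the ALPN protocol we offered."""
    if selected != expected:
        raise ConnectionError(f"ALPN not negotiated: got {selected!r}, wanted {expected!r}")
    return selected


def publish_path(topic, qos=1):
    """Request path for the HTTPS Publish API (assumed form); topic is percent-encoded."""
    if qos not in (0, 1):
        raise ValueError("HTTPS publish supports QoS 0 or 1")
    return f"/topics/{quote(topic, safe='/')}?qos={qos}"


def publish(endpoint, topic, payload, certfile, keyfile, cafile=None):
    """Publish one message over port 443; returns the HTTP status code."""
    ctx = build_context(ALPN_HTTP_CLIENT_CERT, certfile, keyfile, cafile)
    conn = http.client.HTTPSConnection(endpoint, 443, context=ctx, timeout=10)
    try:
        conn.connect()  # TCP connect and TLS handshake happen here
        require_alpn(conn.sock.selected_alpn_protocol(), ALPN_HTTP_CLIENT_CERT)
        conn.request("POST", publish_path(topic), body=payload)
        return conn.getresponse().status
    finally:
        conn.close()
```

Checking the negotiated protocol before sending makes a middlebox or TLS library that silently drops the ALPN extension show up as an explicit error rather than an unexplained authentication failure.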