Note that I mentioned above that the MQTT binding does not support certificate-based authentication. If that’s the only option, you’ll have to have some sort of bridge.
It wouldn’t be a bad thing to add certificate auth or even AWSIoT support to the binding but it’s not there now.
It’s not that the name changed; MainUI is a wholly new UI implemented from scratch with no lineage back to PaperUI. PaperUI only existed for OH 2. OH 3 has MainUI, which is a combo of an end user interface and admin interface.
Requires? No, but even a sheltered Mosquitto instance on a LAN should have some sort of authentication.
That’s not how it works. It might help to go through an MQTT tutorial to really understand what the MQTT broker does. Even if Mosquitto did require and only support username/password authentication for its clients, it doesn’t matter. We know OH can connect to MQTT and do so with username and password. The problem is AWSIoT apparently doesn’t support username/password and only supports certificate login, and OH does not support certificate-based login.
But given the link @Wolfgang_S provided above, Mosquitto does when configured as a bridge. So you’d set up Mosquitto as a bridge to AWSIoT using the tutorial above. Then you’d configure Mosquitto to listen and accept connections from openHAB, perhaps using username and password. The messages flow from OH → Mosquitto → AWSIoT → ??? and from AWSIoT → Mosquitto → OH.
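
The bridge layout described in the post above, sketched as a `mosquitto.conf` fragment. This is an added example, not part of the original post or the linked tutorial; the endpoint, file paths, client id and topic names are placeholders or constructed values.

```conf
# mosquitto.conf (constructed example; endpoint, paths and names are placeholders)

# --- Local side: openHAB connects here with username/password ---
listener 1883
# Reject clients that present no credentials, even on the LAN.
allow_anonymous false
# Password file created with the mosquitto_passwd utility.
password_file /etc/mosquitto/passwd

# --- Remote side: Mosquitto connects to AWS IoT with a client certificate ---
connection awsiot
address <your-endpoint>-ats.iot.<region>.amazonaws.com:8883
bridge_protocol_version mqttv311
# Keep hostname verification of the remote certificate enabled.
bridge_insecure false
# CA used to verify the AWS IoT endpoint.
bridge_cafile /etc/mosquitto/certs/AmazonRootCA1.pem
# Device certificate and private key issued for this bridge.
# The key file should be readable only by the account Mosquitto runs as.
bridge_certfile /etc/mosquitto/certs/device.pem.crt
bridge_keyfile /etc/mosquitto/certs/private.pem.key
clientid openhab-bridge
cleansession true
start_type automatic
# The remote end is not another Mosquitto broker, so disable the
# Mosquitto-specific bridge handshake and the bridge status messages.
try_private false
notifications false

# --- Topic mapping (hypothetical topic names) ---
# OH -> Mosquitto -> AWS IoT
topic home/out/# out 1
# AWS IoT -> Mosquitto -> OH
topic home/in/# in 1
```

Only topics listed in `topic` lines cross the bridge, so the mapping also limits what the local network exposes to AWS IoT and what AWS IoT can publish back.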