I just used the port shown in the connect page 
As you said, you can use port 8883 for basic authentication with no client cert authentication. I already did it before enabling cert authentication.
I only point out that the links on the service/connect page may lead to confusion.