You are right: -https CLI is the activation of HTTPS in the ORION NGSI API (on the one hand). It is not associated with notifications sent by Orion.
Orion does not support HTTPS notifications directly (on the client side), but functionality can be achieved using an HTTP relay such as Rush . Using the HTTP broker has additional advantages, such as freeing Orion from troubleshooting notification failures, retries, etc.
Orion-Rush integration has not yet been achieved, but it is on our short-term roadmap. Please take a look (and finally subscribe if you want to know when the functionality will be implemented), https://github.com/telefonicaid/fiware-orion/issues/251
UPDATE: Orion-Rush integration for HTTPS was implemented in Orion 0.13.0. See the Security Considerations section of the Orion User Guide.
UPDATE: Rush has been added as part of the global context management instance, so CB on orion.lab.fi-ware.org nos supports HTTPS notifications. However, the CB error currently ignores the default port for the https URL scheme, so use 443 explicitly (e.g. https: https://foo.bar:443/path ).
UPDATE: The bug mentioned in the previous update note is fixed in Orion version 0.17.0.
UPDATE: starting from version 1.7.0, Orion implements its own HTTPS notifications (i.e., without the need for Rush).