You can do that, however it will prevent a some features (e.g. API Keys) from being enabled.
No, if you run a cluster on https, then the client needs to decide whether to trust the certificate that is provided by the server. There are 3 main ways that could happen:
- Your server uses a certificate that is issued by one of the default issuing authorities (CAs) that your client already trusts.
- Your client is configured to trust a specific certificate or CA for this specific connection (e.g. using the
--cacertoption to curl) - Your client just trusts everything (e.g. the
--insecureoption to curl).
Any of those will be more secure than turning off ssl.