How to configure .opendistro_security index with HTTP


I’m running Opendistro Elasticsearch 0.10.0. It’s an internal service so I set below to false to allow http:
opendistro_security.ssl.http.enabled: false

Nothing else changed.

With default setting “opendistro_security.ssl.http.enabled: true”, I’m able to run below
curl -k --cert kirk.pem --key kirk-key.pem -X PUT -H “Content-Type: application/json” -d ‘{“settings”:{“auto_expand_replicas”: “0-6”}}’ https://localhost:9200/.opendistro_security/_settings

With that setting to false, and change above url from https to http, I got “Unauthorized”.
With https, I got “routines:CONNECT_CR_SRVR_HELLO:wrong version number
I tried to add admin user with roles, but that didn’t work either.

Is there any way I can change security index settings with http allowed?

FYI, I started another Elasticsearch instance with SSL enabled, it can join existing cluster. Then I’m able to change setting on that new instance with that curl command to localhost.
Not sure whether there is other better way to do this.