If an HTTPS endpoint is provided, SP will not verify the certificate when it makes API requests to ES; this dates to the plugin's inception (ref). When connecting to a non-localhost endpoint that specifies HTTPS, SP should specify 'sslverify' => true.