Upon Aria Operations for Logs deployment, SDDC Manager deploys a dedicated agent so SDDC Manager can upload its logs to that Aria Operations for Logs instance. The agent is preconfigured (in SDDC Manager codebase) to use non-ssl communication.

VCF 4.x
VCF 5.x

This is by design.

 To enable SSL communication between the preinstalled Aria Operations for Logs (a.k.a. vRealize Log Insight) agent and the Logs product instance in the VCF enabled environment please follow this steps:

1. Enable "Secure Communication (SSL)" toggle in the Aria Lifecycle Manager UI Settings/Logs section by navigating to https://{URL}/lcm/lcops/settings/logs)
2. Stop agent
3. Review the Configure Agent SSL parameter guide and generate a proper certificate dedicated for the Aria Operations for Logs instance and set it in the ssl_ca_path property in the liagent.ini (i.e. ./var/lib/loginsight-agent/liagent.ini).  Also check ssl config in liagent.ini.  Configure the VMware Aria Operations for Logs Agent SSL Parameters