The curl call you gave uses the paramters --key ./kirk-key.pem --cert ./kirk.pem. This means, that it is using certificate authentication. Certificate authorization is done on the TLS layer. Thus, it cannot work if TLS (resp. HTTPS) is disabled. If you have disabled TLS, you need to use other authentication methods (such as basic auth with an authentication backend).
As a side note: It seems you are not using Search Guard, but OpenSearch security. Questions on this should be directed to the OpenSearch forum: