Comment 0 for bug 1590383

https://github.com/openstack/vmware-nsx/blob/stable/mitaka/vmware_nsx/plugins/nsx_v/vshield/common/VcnsApiClient.py#L94-L98

if self.ca_file is not None:
            http.ca_certs = self.ca_file
            http.disable_ssl_certificate_validation = False
        else:
            http.disable_ssl_certificate_validation = self.insecure

shows following:
1. If we have certificate, ssl_certificate_validation is enabled.
2. If we don't have certificate, disable_ssl_certificate_validation = insecure.

In case 1 we have certificate and it will be validated.
In case 2 we don't have certificate, but validation is controlled by 'insecure' switch.