diff --git a/itest/aperture_harness.go b/itest/aperture_harness.go
index 406ae375a..df341aea9 100644
--- a/itest/aperture_harness.go
+++ b/itest/aperture_harness.go
@@ -21,10 +21,6 @@ type ApertureHarness struct {
 // ListenAddr is the address that the aperture service is listening on.
 ListenAddr string
- // TlsCertPath is the path to the TLS certificate that the aperture
- // service is using.
- TlsCertPath string
-
 // service is the instance of the aperture service that is running.
 Service *aperture.Aperture
 }
@@ -59,9 +55,8 @@ func NewApertureHarness(t *testing.T, port int) ApertureHarness {
 service := aperture.NewAperture(cfg)
 return ApertureHarness{
- ListenAddr: listenAddr,
- TlsCertPath: filepath.Join(baseDir, "tls.cert"),
- Service: service,
+ ListenAddr: listenAddr,
+ Service: service,
 }
 }
diff --git a/itest/tapd_harness.go b/itest/tapd_harness.go
index 67832eb22..a3488527e 100644
--- a/itest/tapd_harness.go
+++ b/itest/tapd_harness.go
@@ -163,7 +163,6 @@ func newTapdHarness(ht *harnessTest, cfg tapdConfig,
 )
 finalCfg.HashMailCourier = &proof.HashMailCourierCfg{
- TlsCertPath: typedProofCourier.TlsCertPath,
 ReceiverAckTimeout: receiverAckTimeout,
 BackoffCfg: backoffCfg,
 }
diff --git a/proof/courier.go b/proof/courier.go
index e90e5c683..f011a4bd0 100644
--- a/proof/courier.go
+++ b/proof/courier.go
@@ -122,12 +122,11 @@ func (h *HashMailCourierAddr) NewCourier(_ context.Context, cfg *CourierCfg,
 recipient Recipient) (Courier, error) {
 hashMailCfg := HashMailCourierCfg{
- TlsCertPath: cfg.TlsCertPath,
 ReceiverAckTimeout: cfg.ReceiverAckTimeout,
 BackoffCfg: cfg.BackoffCfg,
 }
- hashMailBox, err := NewHashMailBox(&h.addr, hashMailCfg.TlsCertPath)
+ hashMailBox, err := NewHashMailBox(&h.addr)
 if err != nil {
 return nil, fmt.Errorf("unable to make mailbox: %v", err)
@@ -230,25 +229,13 @@ type HashMailBox struct {
 // serverDialOpts returns the set of server options needed to connect to the
 // server using a TLS connection.
-func serverDialOpts(tlsCertPath string) ([]grpc.DialOption, error) {
+func serverDialOpts() ([]grpc.DialOption, error) {
 var opts []grpc.DialOption
- if tlsCertPath != "" {
- // Read in the specified TLS certificate and build transport
- // credentials with it.
- creds, err := credentials.NewClientTLSFromFile(tlsCertPath, "")
- if err != nil {
- return nil, err
- }
- opts = append(opts, grpc.WithTransportCredentials(creds))
-
- return opts, nil
- }
-
- // If TLS certificate file path not given, use the system's TLS trust
- // store.
- creds := credentials.NewTLS(&tls.Config{})
- opts = append(opts, grpc.WithTransportCredentials(creds))
+ // Skip TLS certificate verification.
+ tlsConfig := tls.Config{InsecureSkipVerify: true}
+ transportCredentials := credentials.NewTLS(&tlsConfig)
+ opts = append(opts, grpc.WithTransportCredentials(transportCredentials))
 return opts, nil
 }
@@ -258,7 +245,7 @@ func serverDialOpts(tlsCertPath string) ([]grpc.DialOption, error) {
 //
 // NOTE: The TLS certificate path argument (tlsCertPath) is optional. If unset,
 // then the system's TLS trust store is used.
-func NewHashMailBox(courierAddr *url.URL, tlsCertPath string) (*HashMailBox,
+func NewHashMailBox(courierAddr *url.URL) (*HashMailBox,
 error) {
 if courierAddr.Scheme != ApertureCourier {
@@ -266,7 +253,7 @@ func NewHashMailBox(courierAddr *url.URL, tlsCertPath string) (*HashMailBox,
 courierAddr.Scheme)
 }
- dialOpts, err := serverDialOpts(tlsCertPath)
+ dialOpts, err := serverDialOpts()
 if err != nil {
 return nil, err
 }
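Review bot: `tlsConfig := tls.Config{InsecureSkipVerify: true}` in serverDialOpts disables certificate-chain and hostname verification for every hashmail courier connection, so the link is encrypted but the server is unauthenticated and anyone on the network path can terminate it with their own certificate. The removed code verified against either a pinned certificate file or the system trust store, and with `tlscertpath` also dropped from HashMailCourierCfg (the `@@ -467` hunk) operators have no way to restore either. Unless proofs are authenticated end to end independently of the transport, which this diff does not show, keep verification as the default with `transportCredentials := credentials.NewTLS(&tls.Config{})` and put any skip behind an explicit opt-in option. If the skip is intentional, extend `// Skip TLS certificate verification.` to state why it is acceptable; the function's error result is also now always nil.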
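Review bot: The NOTE kept as context above NewHashMailBox still describes a `tlsCertPath` argument and says the system's TLS trust store is used when it is unset, but the parameter is removed in this hunk and serverDialOpts no longer consults any trust store. Left as is, the doc comment tells readers the server certificate is verified when it is not. Replace it with something like `// NOTE: The server's TLS certificate is not verified; the connection is encrypted but the peer is unauthenticated.` The function body continues outside the hunk.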
@@ -467,8 +454,6 @@ type Recipient struct {
 // HashMailCourierCfg is the config for the hashmail proof courier.
 type HashMailCourierCfg struct {
- TlsCertPath string `long:"tlscertpath" description:"Service TLS certificate file path"`
-
 // ReceiverAckTimeout is the maximum time we'll wait for the receiver to
 // acknowledge the proof.
 ReceiverAckTimeout time.Duration `long:"receiveracktimeout" description:"The maximum time to wait for the receiver to acknowledge the proof."`
diff --git a/tapcfg/server.go b/tapcfg/server.go
index b603cc7c9..9aed1f92b 100644
--- a/tapcfg/server.go
+++ b/tapcfg/server.go
@@ -186,7 +186,6 @@ func genServerConfig(cfg *Config, cfgLogger btclog.Logger,
 // support a proof courier.
 if cfg.HashMailCourier != nil {
 proofCourierCfg = &proof.CourierCfg{
- TlsCertPath: cfg.HashMailCourier.TlsCertPath,
 ReceiverAckTimeout: cfg.HashMailCourier.ReceiverAckTimeout,
 BackoffCfg: cfg.HashMailCourier.BackoffCfg,
 DeliveryLog: assetStore,