If I am not mistaken, you asked the same questions about three weeks ago, and I replied to it.
Are you using any application that requires authentication? (like have you installed site minder etc..,) or any secure portal?
Any right tool should tell you to go with HTTPS instead of HTTP.
Yes, a lot. These servers run applications for banking, and some security guys tell me to fix some security problems. I have fixed most of them, but still don't know what to do with these 2 warnings.
I also checked the "HTTPS" as what you said, it's OK but Rapid 7 still warns like that.
Exactly! Consider telling the security guys that talking about "security" when running a OS unpatched for at least 15 months is moot anyway. No matter what you do or don't do the server will be insecure anyway.
IBM still release security patches for AIX 5.3 but you'll need a software maintenance agreement and an AIX 5.3 service extension to be able to download them ;0)