diff --git a/.chloggen/fix-opampsupervisor-tls-settings.yaml b/.chloggen/fix-opampsupervisor-tls-settings.yaml
new file mode 100644
index 000000000000..028f427f9e28
--- /dev/null
+++ b/.chloggen/fix-opampsupervisor-tls-settings.yaml
@@ -0,0 +1,27 @@
+# Use this changelog template to create an entry for release notes.
+
+# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
+change_type: bug_fix
+
+# The name of the component, or a single word describing the area of concern, (e.g. filelogreceiver)
+component: opampsupervisor
+
+# A brief description of the change. Surround your text with quotes ("") if it needs to start with a backtick (`).
+note: Only use TLS config when connecting to OpAMP server if using `wss` or `https` protocols.
+
+# Mandatory: One or more tracking issues related to the change. You can use the PR number here if no issue exists.
+issues: [35283]
+
+# (Optional) One or more lines of additional information to render under the primary note.
+# These lines will be padded with 2 spaces and then inserted directly into the document.
+# Use pipe (|) for multiline entries.
+subtext:
+
+# If your change doesn't affect end users or the exported elements of any package,
+# you should instead start your pull request title with [chore] or use the "Skip Changelog" label.
+# Optional: The change log or logs in which this entry should be included.
+# e.g. '[user]' or '[user, api]'
+# Include 'user' if the change is relevant to end users.
+# Include 'api' if there is a change to a library API.
+# Default: '[user]'
+change_logs: []
diff --git a/cmd/opampsupervisor/supervisor/supervisor.go b/cmd/opampsupervisor/supervisor/supervisor.go
index bb4e9e0fbd1e..febcde73ac98 100644
--- a/cmd/opampsupervisor/supervisor/supervisor.go
+++ b/cmd/opampsupervisor/supervisor/supervisor.go
@@ -6,11 +6,13 @@ package supervisor
 import (
 "bytes"
 "context"
+ "crypto/tls"
 _ "embed"
 "errors"
 "fmt"
 "net"
 "net/http"
+ "net/url"
 "os"
 "path/filepath"
 "sort"
@@ -366,9 +368,17 @@ func (s *Supervisor) startOpAMP() error { func (s *Supervisor) startOpAMPClient() error { s.opampClient = client.NewWebSocket(newLoggerFromZap(s.logger)) - tlsConfig, err := s.config.Server.TLSSetting.LoadTLSConfig(context.Background()) + // determine if we need to load a TLS config or not + var tlsConfig *tls.Config + parsedURL, err := url.Parse(s.config.Server.Endpoint) if err != nil { - return err + return fmt.Errorf("parse server endpoint: %w", err) + } + if parsedURL.Scheme == "wss" || parsedURL.Scheme == "https" { + tlsConfig, err = s.config.Server.TLSSetting.LoadTLSConfig(context.Background()) + if err != nil { + return err + } } s.logger.Debug("Connecting to OpAMP server...", zap.String("endpoint", s.config.Server.Endpoint), zap.Any("headers", s.config.Server.Headers)) diff --git a/cmd/opampsupervisor/testdata/supervisor/supervisor_accepts_conn.yaml b/cmd/opampsupervisor/testdata/supervisor/supervisor_accepts_conn.yaml index 6fba120fffc6..9caaea49296b 100644 --- a/cmd/opampsupervisor/testdata/supervisor/supervisor_accepts_conn.yaml +++ b/cmd/opampsupervisor/testdata/supervisor/supervisor_accepts_conn.yaml @@ -1,7 +1,5 @@ server: endpoint: ws://{{.url}}/v1/opamp - tls: - insecure: true capabilities: reports_effective_config: true diff --git a/cmd/opampsupervisor/testdata/supervisor/supervisor_agent_description.yaml b/cmd/opampsupervisor/testdata/supervisor/supervisor_agent_description.yaml index 404fa3bb500b..a87e3edd3bb0 100644 --- a/cmd/opampsupervisor/testdata/supervisor/supervisor_agent_description.yaml +++ b/cmd/opampsupervisor/testdata/supervisor/supervisor_agent_description.yaml @@ -1,7 +1,5 @@ server: endpoint: ws://{{.url}}/v1/opamp - tls: - insecure: true capabilities: reports_effective_config: true diff --git a/cmd/opampsupervisor/testdata/supervisor/supervisor_basic.yaml b/cmd/opampsupervisor/testdata/supervisor/supervisor_basic.yaml index f713be57c24b..bfe228f86e32 100644 
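Review bot: In the new `if parsedURL.Scheme == "wss" || parsedURL.Scheme == "https"` branch, every other scheme now skips `LoadTLSConfig` without a trace, so a `tls:` block paired with a mistyped `ws://` or `http://` endpoint produces a plaintext connection and nothing tells the operator. Anything in `s.config.Server.Headers` would then travel unencrypted, and the server is not authenticated. I would add an `else` that logs it, e.g. `s.logger.Warn("OpAMP endpoint scheme is not wss/https; TLS settings are ignored and the connection is unencrypted", zap.String("scheme", parsedURL.Scheme))`. The inner `return err` could also be wrapped like the parse error, for instance `return fmt.Errorf("load TLS config: %w", err)`. startOpAMPClient's body continues past the end of the hunk.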
--- a/cmd/opampsupervisor/testdata/supervisor/supervisor_basic.yaml +++ b/cmd/opampsupervisor/testdata/supervisor/supervisor_basic.yaml @@ -1,7 +1,5 @@ server: endpoint: ws://{{.url}}/v1/opamp - tls: - insecure: true capabilities: reports_effective_config: true diff --git a/cmd/opampsupervisor/testdata/supervisor/supervisor_healthcheck_port.yaml b/cmd/opampsupervisor/testdata/supervisor/supervisor_healthcheck_port.yaml index 08c6b6bceb88..b9d226058e4a 100644 --- a/cmd/opampsupervisor/testdata/supervisor/supervisor_healthcheck_port.yaml +++ b/cmd/opampsupervisor/testdata/supervisor/supervisor_healthcheck_port.yaml @@ -1,7 +1,5 @@ server: endpoint: ws://{{.url}}/v1/opamp - tls: - insecure: true capabilities: reports_effective_config: true diff --git a/cmd/opampsupervisor/testdata/supervisor/supervisor_nocap.yaml b/cmd/opampsupervisor/testdata/supervisor/supervisor_nocap.yaml index 34c45f4d752c..cab98dd081e4 100644 --- a/cmd/opampsupervisor/testdata/supervisor/supervisor_nocap.yaml +++ b/cmd/opampsupervisor/testdata/supervisor/supervisor_nocap.yaml @@ -1,7 +1,5 @@ server: endpoint: ws://{{.url}}/v1/opamp - tls: - insecure: true capabilities: reports_effective_config: false diff --git a/cmd/opampsupervisor/testdata/supervisor/supervisor_persistence.yaml b/cmd/opampsupervisor/testdata/supervisor/supervisor_persistence.yaml index 600e0c19f7bb..723f3fb98902 100644 --- a/cmd/opampsupervisor/testdata/supervisor/supervisor_persistence.yaml +++ b/cmd/opampsupervisor/testdata/supervisor/supervisor_persistence.yaml @@ -1,7 +1,5 @@ server: endpoint: ws://{{.url}}/v1/opamp - tls: - insecure: true capabilities: reports_effective_config: true