I presume that when you say “SSH” (Secure Shell), you mean “SSL” (Secure Sockets Layer).
“http:” means normal unencrypted insecure http. “https:” means http layered on top of SSL/TLS, which provides encryption and authentication of the website. So yes, using the non-https version means you don't get the security benefits of SSL.
SSL certificates are usually only valid for a single specific hostname. e.g. if your webserver has a certificate valid only for www.example.com, but someone tries to access https://example.com, they will get either an error message or a scary warning. A CNAME is not enough: you need a valid certificate for that name as well. So use the name specified in your certificate. (If, of course, you have paid extra for a certificate that is valid for both example.com and www.example.com, then you may choose between them. But as I probably know less than you about SEO I shall not advise which one is best.)