there is a lot of certificate which in "pending request" status, and certificates which in expired status.
what are the consequences of deleting those certificates?
Typically none since they arent actually being used if pending or expired.
What is the consequences of allowing MAPI over HTTP protocol , there will be any impact on users?
With the change in protocol, once Outlook autodiscovery picks up the change, they will be prompted to restart Outlook ( An administrator has made a change dialog box)
Restarting should allow things to work with the change.
However, some clients may require a new Outlook profile.
I recommend only enabling a few at first and testing before enabling org-wide