Currently we accept invalid certs, since we haven't sorted making public certs for the server nor added the private cert to the client. To improve security the custom cert either needs to be added to the client so it can validate the server, or the server needs to get a public cert so that the client can authenticate it without needing the custom cert to be added to it.
Currently we accept invalid certs, since we haven't sorted making public certs for the server nor added the private cert to the client. To improve security the custom cert either needs to be added to the client so it can validate the server, or the server needs to get a public cert so that the client can authenticate it without needing the custom cert to be added to it.