secure HTTP communication for components of commercial product

Question

Let\'s say I want to ship a commercial product that has two components, written in Java, communicating with each other on a local network using a RESTful API. It could be a musi

Answer 1

Your linked answer presents another solution: instead of disabling certificate validation for self-signed certificates, 'Export the certificate (...) and import it in your JVM truststore'.

So only for the first time when an unknown certificate is found, ask for user confirmation.