For now, we can pass an --insecure-skip-tls-verify flag to skip the server certificate validation during oc binary command executions, but it would probably be interesting to first retrieve the server certificate, verify it and if it is not valid (expired or self-signed cert or unknown CA), prompt the caller if he/she accepts the certificate before actually running the oc command.