It is not good to have invalid certificate, but for development purposes the certificate does not have correct host names populated.
For example, I set up a cluster of 3 nodes with one certificate and in Java clients I said that I accept the risk.

This is how it looks in the certificate
Alternative Name:
DNS:kafka, DNS:localhost

But then, I'm trying to connect with the extension

Failed operation - Connection error: Hostname/IP does not match certificate's altnames: IP: is not in the cert's list:

It will be great, to have a checkbox an uncheck host verification.

Per my understanding, this function tls.checkServerIdentity(host, cert) should be overridden.

Is there any chance to have a contribution?