At 10.0.8, you can either disable the stricter validation, or creat a custom ca-bundle (start by copying out default and then add your own root CA or the Inventory self-signed cert to it)
Enabling HTTPS downloads from untrusted sites
Starting from Patch 8, the following settings can be used to allow or disallow the download from untrusted sites:
_BESRelay_Download_UntrustedSites (server/relay). It is a boolean setting. When it is set to 0 (default value), the downloads from untrusted sites are not allowed. When it is set to 1, the downloads from untrusted sites are allowed.
_BESClient_Download_UntrustedSites (client). As described above, but the setting works for the client.
The KB article at that link has the paths to the default ca-bundle (which differs between 10.0.8 and 10.0.9), as well as a sample task for customizing it.