If you’re gonna use TLS, you might want to add a server certificate properly (by creating certificates for your machine using appropriate SAN/CN). If not, you can either add the server certificates manually to the windows trust store, or - just for testing - skip the validation via -k parameter?