Sorry, what I meant when I said JVM-level was exactly what you typed - the client is more or less a plugin to running framework, so it isn't started in its own command windows / environment. And while I can certainly access/change those via System, that affects every other "plugin" as well.
I do realize not validating the certificate can lead to man-in-the-middle, but since we currently do not use SSL at all we have other means of validating who we are talking to. This is just a first step to get encrypted traffic. If we can't allow the client to ignore the certificate, then is there a way to be able to pass in our certificate to the properties used for .lookup()?