The problem is not the self-signed cert or CA. The problem is managing trust on the devices themselves.
Imagine you want to trust only _your_ self-signed cert or CA root for a specific service. Good luck making that work.
This issue should be so common that there should be baked-in functionality in every piece of software to allow for this. It's often totally missing or implemented incorrectly (self-signed certs or custom CAs are often trusted in _addition_ to the system CA roots!).
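The difference between trusting only your own CA and trusting it in addition to other roots, as an added Go example that is not part of the original comment: the same verification is run against a pool holding only a private CA and against a pool that also holds an unrelated root. The helpers `issue` and `Accepts`, the CA names and the host `svc.internal.example` are hypothetical, all certificates are constructed at run time, and the second CA stands in for whatever the system root store contains.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue makes a constructed test cert: a self-signed CA if ca is nil, else a leaf for host cn.
func issue(cn string, ca *x509.Certificate, caKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject: pkix.Name{CommonName: cn}, DNSNames: []string{cn}, BasicConstraintsValid: true,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	if ca == nil {
		t.IsCA, t.KeyUsage, ca, caKey = true, x509.KeyUsageCertSign, t, key
	}
	der := must(x509.CreateCertificate(rand.Reader, t, ca, &key.PublicKey, caKey))
	return must(x509.ParseCertificate(der)), key
}

// Accepts verifies leaf for host against a pool holding exactly the given roots, nothing else.
func Accepts(leaf *x509.Certificate, host string, roots ...*x509.Certificate) bool {
	pool := x509.NewCertPool() // starts empty; x509.SystemCertPool() would start with the OS roots
	for _, r := range roots {
		pool.AddCert(r)
	}
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: host})
	return err == nil
}

func main() {
	const host = "svc.internal.example"
	ourCA, ourKey := issue("our-private-ca", nil, nil)
	otherCA, otherKey := issue("stand-in-system-root", nil, nil) // plays the role of any OS root
	ours, _ := issue(host, ourCA, ourKey)
	other, _ := issue(host, otherCA, otherKey) // same hostname, unrelated issuer
	println(Accepts(ours, host, ourCA), Accepts(other, host, ourCA), Accepts(other, host, otherCA, ourCA))
}
```

The run prints `true false true`: with only the private CA in the pool the certificate from the unrelated issuer is rejected, while the additive pool accepts it for the same hostname.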