Comment Re: Why? (Score 2) 92
The parent is spot on. If you need to self-sign, then you need the client to trust your signing authority, not simply to trust your self-signed certificates.
Asking them to trust your certificates means teaching them to ignore and click through an important security warning. It not only poses a danger to your users in their internet use elsewhere, but also to your own servers as someone can set up a MITM attack and you have already trained your users to ignore the warning presented by the browser.
Widely trusted SSL certificates can be had for under $10. Wildcard certificates for under $100. There is no reason to have a self-signed certificate on anything public or employee facing.