Please keep in mind that a self-signed certificate is quite different from a certificate that is signed using a private CA.
The self-signed certificate has no link to a trust anchor. So it’s easy for Mallory to replace it with her own malicious certificate. It’s much harder for Mallory to replace a certificate that is tied to a CA.
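The difference shows up as soon as a client verifies against a trust anchor. The script below is an added example, not part of the original text: it builds a throwaway private CA with the `openssl` CLI and compares how a CA-issued certificate and two same-named self-signed certificates verify. All names (`Example Private CA`, `service.internal.example`) are constructed, and OpenSSL 1.1.1 or later with its default configuration is assumed.

```bash
#!/usr/bin/env bash
# Added example; every name and file here is constructed for illustration.
# Assumes the openssl CLI, version 1.1.1 or later, with its default config.

# verdict CAFILE CERT -> prints "accept" or "reject"
verdict() {
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo accept
    else
        echo reject
    fi
}

trust_anchor_demo() {
    local d n
    d=$(mktemp -d) || return 1
    # Private CA: the only trust anchor the client is configured with.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Private CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
    # Server certificate issued by that CA.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=service.internal.example" \
        -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/srv.pem" 2>/dev/null || return 1
    # Two self-signed certificates with the same subject: the operator's
    # original and a substitute generated with a different key.
    for n in original substitute; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=service.internal.example" \
            -keyout "$d/$n.key" -out "$d/$n.pem" 2>/dev/null || return 1
    done
    # Against the CA anchor, only the CA-issued certificate chains up.
    echo "ca_issued_vs_ca=$(verdict "$d/ca.pem" "$d/srv.pem")"
    echo "substitute_vs_ca=$(verdict "$d/ca.pem" "$d/substitute.pem")"
    # A self-signed certificate can only be checked against itself, and the
    # original and the substitute pass that check equally.
    echo "original_vs_itself=$(verdict "$d/original.pem" "$d/original.pem")"
    echo "substitute_vs_itself=$(verdict "$d/substitute.pem" "$d/substitute.pem")"
    rm -rf "$d"
}

trust_anchor_demo
```

Without a CA, the only way for a client to tell the two self-signed certificates apart is to pin the expected certificate or its fingerprint out of band.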