[ehhthing]

It supported using self signed certs, but if the server suddenly switched from a self signed to a trusted CA-signed certificate, no prompt would be given. So the idea that self signed certificates are somehow more secure for this specific purpose is incorrect.

[detourdog]

It was a complex Trust relationship and Apple’s it just work was onerous to work around. When security is the top priority I would alway go with self-signed certificates.