I'm new to the product and this forum, and could not agree more with jeremy.akers sentiments. I am a security professional and regularly make use of IPSec VPN to access my local network. My network and access security posture is based on my private PKI environment, where all certs utilized are generated through my internal CA. This is not for everyone, but when I can't install one of my own certs I generally place the device behind reverse-proxy. It would make it easier to allow users to deploy their own self-signed certs. As stated by others, this is done all the time without weakening the device security profile. To ensure Hubitat cert/key pair security a factory-reset option could be added that regenerates a new cert/key pair each time the device is reset. But there need to be a self-signed cert/CA option.