Unless you are a big company with the goal of creating a proper certificate authority, don't create your own CA just because you need a method to create a lot of your own certificates:
- First, make sure you really need these certificates. If you're forced to use client-side certificates for things, just because the authentication mechanism in the underlying protocol is inherently insecure, such as is the case with MQTT, consider choosing another technology such as XMPP. If the underlying technology permits, such as in the case of CoAP and LWM2M, consider using PSK that you can generate easily yourself instead of certificates, rather than having to create your own CA. Certificates should only be used ...