From venafi.com
Traditionally, organizations have used certificates signed by Certificate Authorities (CAs) to secure both external and internal communications. But internal certificates can be more difficult to find and replace, making it more challenging for organizations to manage internal certificates in the event of a CA error, security breach, or attack on a CA. As a result, organizations are looking for ways to reduce their threat surface. One strategy is to use self-signed certificates to secure communications between internal systems as well as to authenticate devices and users to the internal network.