That's mainly a problem for generic web clients, though. If it's a mobile or other app, you can package the CA in.

I think web clients generally wouldn't be able to connect to an IoT device over a private or public IP anyway since afaik public CAs won't issue certs for IPs.

