Self-signed certs have themselve as issuer thus "root". With self-signed certs you should add it to the root store or manually check the fingerprint.
Of course you could set up an entire private root which would sign private leaf certs, but for a single service, why not just use a self-signed cert directly?
@Osiris, the question was:
It's hard to tell when you are agreeing with me - LOL
Thank you, @rg305 and @Osiris. I think your answers are very useful to me, although I still need to take some time to understand them. 
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.