Risks of using such self signed certs even though it is internal to the walls of the organisation
– promoting bad behavior of accepting certificates
– lack of visibility and control from a PKI on expiry, dates, version etc. of certs
– inability to re-key, deploy, revoke certs as part of incident response
– attackers misusing such self signed – we cannot validate man in the middle attacks as effectively
any other risks can you think of?