The other option is you can just install your self signed certs onto the client PCs via group policies.