Why not just use an internal CA? Sure you'll have to deploy your CA to the trusted Certificate Authorities of all your machines but it works and you only have to do that once. Or maybe twice as some browsers have their own store.. Works just great 👍🏻