I've gone the internal CA route in the past. Because they don't require external access, the need to accept the internal root certificate on each machine is a one-time thing.
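The setup this comment describes, as an added example that is not part of the original post: an internal root CA, a server certificate issued from it, and the check that only passes once that root is trusted. It assumes `openssl` (1.1.1 or later) on PATH; the CA name, the hostname `intranet.example.internal`, and the working directory are placeholders chosen for the example.

```shell
#!/bin/sh
# Added example (not from the original post): minimal internal CA with openssl.
# Assumes openssl 1.1.1+ on PATH. All names below are placeholders.
set -e

WORK="${WORK:-$(mktemp -d)}"

# Create the root key and a self-signed root certificate. This root is the one
# artifact each internal machine has to trust, and it only has to be done once.
make_internal_ca() {
  cat > "$WORK/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = Example Internal Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
  openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
    -days 3650 -config "$WORK/ca.cnf" -extensions v3_ca \
    -keyout "$WORK/root.key" -out "$WORK/root.pem" >/dev/null 2>&1
}

# Issue a server certificate for one internal host, signed by the root.
# The SAN is what browsers and libraries actually match; a CN alone is ignored.
issue_server_cert() {
  host="$1"
  printf '[req]\ndistinguished_name = dn\nprompt = no\n[dn]\nCN = %s\n' "$host" > "$WORK/$host.cnf"
  openssl req -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
    -config "$WORK/$host.cnf" \
    -keyout "$WORK/$host.key" -out "$WORK/$host.csr" >/dev/null 2>&1
  printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:%s\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth\n' "$host" > "$WORK/$host.ext"
  openssl x509 -req -in "$WORK/$host.csr" -CA "$WORK/root.pem" -CAkey "$WORK/root.key" \
    -CAcreateserial -days 398 -extfile "$WORK/$host.ext" \
    -out "$WORK/$host.pem" >/dev/null 2>&1
}

# Exit status 0 when the host certificate chains to the internal root.
verify_against_root() {
  openssl verify -CAfile "$WORK/root.pem" "$WORK/$1.pem" >/dev/null 2>&1
}

# Same certificate checked against the default (system) trust store: this is
# expected to fail until the internal root has been installed on the machine,
# which is the one-time trust step the post refers to.
verify_against_system_store() {
  openssl verify "$WORK/$1.pem" >/dev/null 2>&1
}

# Print the issuer of a host certificate (should name the internal root).
cert_issuer() {
  openssl x509 -in "$WORK/$1.pem" -noout -issuer
}

# Usage:
#   make_internal_ca
#   issue_server_cert intranet.example.internal
#   verify_against_root intranet.example.internal && echo "trusted via internal root"
#   verify_against_system_store intranet.example.internal || echo "not trusted by default store"
```

Distribute only `root.pem` to the clients; `root.key` stays on the signing host, ideally offline. When the root is later rotated, every machine needs the new root pushed out again, so keep the list of machines that received it.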