A protocol that only works on the whim of a third party corporate person is not optimal for human people. Baking in a requirement of CA based TLS is not great.
>TLS: Certificate, the certificate for this host, containing the hostname, a public key, and a signature from a third party asserting that the owner of the certificate's hostname holds the private key for this certificate
You can generate your own root cert and self-sign. No need for third-parties.
I found minica very useful to do something like this (no affiliation): https://github.com/jsha/minica