Yes, you can self-sign your own certificates and that will do well enough for encryption, but most browsers will not accept it for authentication. That means users will get confusing errors popping up every time the go to log on until they configure their browser to trust the certificate. That kind of stuff scares away users.