Hi Nikel,
First of all, nice post.
I've done this recently myself, for securing incoming REST services between our Mendix apps. Normally I would agree with you that self-signed certificates are less secure, but for this it might actually be safer, because you can make sure that the signing CA is only signing this certificate. When using a general CA it will be less secure.
I used this example to implement the certificates. Also make sure that you add the endpoints at the uploaded pfx.
Also, I filed a ticket at Mendix Support regarding Mendix native REST (Mx 7.22.0). When I call a REST service with the mendixcloud.com endpoint, the certificate is validated and functionality works. However, when using a CNAME in the native REST functionality, there is a certificate error. This is currently under review at Mendix Support. So test your certificates with the mendixcloud.com endpoint.