Thank you for your reply!
I think TLS client certificate mechanism make security stronger. But if accept self-signend certificate, it is make no sense. It just like as a con artist says “This person is (I am) right and you can trust him (me), I will guarantee”. If anyone could get to know the device IDs, he can create fraud self signed certificate and can communicate with Murano.
So I think Murano is better to have function to check if the certificate is signed by proper CA, and to have option to kick unsecure certificate.