nope u missed big part last leg cleartxt - hence using any cert to encrypt is big think
who issue cert is not important - dummy self sign whatever so long sniffer cannot be content is good enough