Possibly this bit from that link:
TLS server certificates must present the DNS name of the server in the Subject Alternative Name extension of the certificate. DNS names in the CommonName of a certificate are no longer trusted.
Or some other of the criterias. Likely the self-signed certificates fail one or more of those criterias.
Ps. You might edit the topic title to contain MacOS Catalina ...