For securing internal services, acting as your own CA can be very convenient. Buying a wildcard SSL cert might be too expensive, or your internal services span multiple domains, etc. A lot of people will simply use self signed certs, which are definitely better than nothing, but leave you open to MITM attacks and require clicking through warning screens frequently.
By acting as your own CA internal services can be tightly secured by requiring