Unless you are a big company with the goal of creating a proper certificate authority, don't create your own CA just because you need a method to create a lot of your own certificates:

• First, make sure you really need these certificates. If you're forced to use client-side certificates for things, just because the authentication mechanism in the underlying protocol is inherently insecure, such as is the case with MQTT, consider choosing another technology such as XMPP. If the underlying technology permits, such as in the case of CoAP and LWM2M, consider using PSK that you can generate easily yourself instead of certificates, rather than having to create your own CA. Certificates should only be used on high-value nodes due to their increased complexity and relatively short lifetime.
• Creating a CA requires you to maintain a redundant and resilient set of certificate servers that can respond to validation requests. If they go down, your system risks going down.
• If you need more certificates than can be created using the free options of CAs such as Let's Encrypt, consider getting a commercial account instead of creating your own CA.
• Creating your own CA requires you to install the CA certificate on all machines that will interact with your things and services. This is undesirable. It creates vulnerabilities in these systems and forces you to maintain your CA servers and corresponding certificates under stringent watch.