...
- Unable to track or manage issued certificates (e.g. no sensible revocation, no way of telling which issued certificates are still in use, etc.)
- Each replica has a different certificate (not sure whether this could be a problem or not)
- Harder to track certificates that are due to expire in the near future (i.e. no expiration management, as replicas come and go, for example with dynamic load balancing)
- Hard dependency of each new replica on AAF (the AAF certmanager will be a bottleneck for service startup)
- Longer startup time and higher resource usage for services (i.e. the time to generate the certificate and the CPU/network overhead involved)
...