That said self signed certs are useful when you do not need a 'client facing' ssl secured page, i.e. a web service, as PHP has a major problem verifying SSL certs most developers choose to disable this check, I would only use this in the case where you want network level security (SSL encryption of transmitted data, PCI compliance etc ...)
Again this doesn't stop the MITM attacks, an additional step is to lockdown the access by IP address and even the device MAC, but then these too can be circumvented, it depends what you are trying to achieve.
If it is just a web service between two servers, an SSH SOCKS tunnel to the server running the webservice, which is then locked down to only allow access to localhost using htaccess, would be a way to secure this.
Anyway This is going off at a tangent, just some food for thought.