For successful TLS authentication, there must be a complete "path" or "chain" from the client certificate to a CA certificate. Additionally, both participants in the negotiation must recognize the signing authority. When the certificate is self-signed, there is no guarantee that the server connecting is who is says it is.