You could, but SSL/TLS certificates are designed for the specific use case of browser-to-server authentication for web commerce, not for the security of IoT devices. These certificates have short lifetimes (1–2 years) and generally use RSA encryption, which uses key lengths of 2,048 or 4,096 bits. IoT devices generally do not have the storage or compute power for these types of certificates and typically use Elliptic Curve Cryptography (ECC), which produces much shorter key lengths. ECC with a 256-bit key length is roughly the same as RSA with 3,072-bit keys.