Unless this is a closed network in an organisation,(1) never ask users to install a custom CA. The request is identical to asking for dropping TLS for the entire browser traffic. Even if you do not care about security and your users, you are still putting yourself at risk of a major browser or antivirus software simply blacklisting your CA as soon as your actions become widespread enough to be noticed.
In reality, it is no different than trusting the 150+ CA organizations (and the tens of thousands of signing certificates issued by those) your browsers trust by default. No, browsers won't blacklist such CA certificates unless they are misused. After all, certificate mechanisms are completely based on trust in organizations keeping their CA keys securely secret and only signing certificates other CA authorities are willing to honor.
If you intend to sell a product intended to store other people's stuff in a secure manner, you better be trustworthy anyway. If being a trustworthy CA with associated obligations is too much of a burden, I do not think you should be selling storage appliances.
Thinking about the use cases a bit more, I do believe self-signed certificates that your appliance provides using a plain HTTP connection, say from http://appliance/certificate.crt, are most appropriate.
When served unsecured as application/x-x509-ca-cert (DER encoded), browsers will ask the user whether they want to install that certificate. It is completely okay to serve certificates unsecured: if they are modified during transfer by a third party, they will no longer match the secret key.
When a browser has installed a self-signed certificate, it will accept it as valid, and not complain about it being self-signed. This is the standard web appliance pattern.
If such an appliance has a second secret, say a salted hash of a password required to update the certificate (and associated secret key), it can provide a web form (over a secure connection, using a default/random certificate) with JavaScript that generates a new key and certificate, based on details supplied by the user. (You can find such JS code online.)
The RSA PK calculations needed to generate a new self-signed certificate involve several orders of magnitude more computation than a single TLS handshake, so it is typically not feasible to do that on the IoT appliance itself.
Similarly, possibly even on the same form, you could define/generate a binary secret that is used to encrypt the actual storage. That way, the end user would be in full control of their data and security.
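The following is an added example, not code from the post: it generates a self-signed certificate in the DER form described above and checks whether a received copy still carries a valid self-signature and still belongs to the appliance's key. The function names, the 2048-bit RSA key and the one-year validity are assumptions; the host name appliance comes from the URL in the post.

```go
package main
import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newSelfSigned returns a fresh RSA key and a DER self-signed certificate for host.
func newSelfSigned(host string) (*rsa.PrivateKey, []byte, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048) // key size is an assumption
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().AddDate(1, 0, 0), // validity is an assumption
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return key, der, err
}

// checkDER reports whether der carries a valid self-signature and whether its
// public key is pub, the public half of the key the appliance holds.
func checkDER(der []byte, pub *rsa.PublicKey) (selfSigOK, matchesKey bool) {
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return false, false
	}
	selfSigOK = cert.CheckSignature(cert.SignatureAlgorithm, cert.RawTBSCertificate, cert.Signature) == nil
	return selfSigOK, pub.Equal(cert.PublicKey)
}

func main() {
	key, der, err := newSelfSigned("appliance")
	if err != nil {
		panic(err)
	}
	tampered := append([]byte{}, der...)
	tampered[len(tampered)-1] ^= 1            // one bit changed in transit
	_, other, _ := newSelfSigned("appliance") // same name, different key
	for _, d := range [][]byte{der, tampered, other} {
		fmt.Println(checkDER(d, &key.PublicKey))
	}
}
```

The three cases are the original certificate, a copy with one bit changed, and a different self-signed certificate for the same name. The last one passes its own signature check, so the comparison against the appliance's key is what tells it apart.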