Good idea. In Firefox, one could have a separate profile for this, so that the CA cert is not imported in one’s general profile.

Another option could be to put the cameras behind a reverse proxy (e.g. Nginx or Envoy) and terminate TLS there.