Self signed certificate will not work with certificate based VPN as it does not have trust level. You need external CA certifcate and it should be loaded on both SRX. You can configure your own local CA server on Windows Server or Linux and requests certificate from it or use certificate from Well known public CA certificate ($$$) .
Thanks, Nellikka JNCIE x3 (SEC #321; SP #2839; ENT #790) Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!
I personally use the XCA tool for all internal certifcate signing. IF you are sure these SRX's do not need to use the certificate with any external machine, you may setup your own CA with the XCA tool.