If the devices aren't using the certificates then just disable them from responding to SSL/TLS so that the scanner doesn't detect them.
If they are using the certificates, then document for purposes of the scan why they use a self-signed (of manufacturer-issued as the case may be with wireless APs in particular) certificate. Often this is by design and not a problem with respect to security.
Of course if they are using certificates for actual device administration then they should be proper ones with the CN from the certificate matching the device's FQDN in DNS.