A self-signed certificate is signed by the same person who creates it. Such a certificate can be created using the OpenSSL toolkit, for example. Although self-signed certificates ensure a sufficient security level, they may cause some issues. For example, when you access your portal, the browser displays a security warning saying that the certificate cannot be verified. They are also considered more vulnerable to man-in-the-middle attacks. It's better to use self-signed certificates for testing purposes or on a server that can only be accessed from your local network.
A CA-signed certificate is signed by a trusted third party (Certification Authority, CA). Such certificates can be acquired from any SSL certificate provider you like. In most cases, to do that you need to generate a private key and a CSR (Certificate Signing Request) using any preferred tool (OpenSSL, for example), then send the CSR to a Certificate Authority, which will verify your identity and issue a signed certificate. When such a certificate is used, the Certificate Authority verifies that the certificate is valid, so no security warnings are displayed. Besides, a higher security level will be enabled for sensitive data.
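The two paths described above, as an added example that is not part of the original page: one OpenSSL key and CSR are generated, the CSR is then self-signed instead of being sent to a CA, and the checks show why a client cannot verify the result unless that exact certificate is trusted explicitly. The hostname `portal.example.test`, the file names and the function names are assumptions.

```shell
#!/bin/sh
HOST="portal.example.test"   # constructed placeholder hostname (assumption)

# Generate a private key and a CSR; the CSR is what would be sent to a CA.
make_key_and_csr() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$HOST" \
        -keyout "$1/portal.key" -out "$1/portal.csr" 2>/dev/null &&
    chmod 600 "$1/portal.key"    # the private key stays on the server
}

# Self-signed variant: the CSR is signed with its own private key.
make_self_signed() {
    openssl x509 -req -in "$1/portal.csr" -signkey "$1/portal.key" \
        -days 30 -out "$1/portal.crt" 2>/dev/null
}

# The CSR carries a signature made with the private key; check it before sending.
csr_is_valid() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK"
}

# Self-signed means issuer and subject are the same name.
is_self_signed() {
    subj=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    iss=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ -n "$subj" ] && [ "$subj" = "$iss" ]
}

# Succeeds only if the certificate chains to an anchor in the file given as $2,
# or, with no $2, to the system trust store (roughly what a browser checks).
chains_to_trust() {
    if [ -n "$2" ]; then
        openssl verify -CAfile "$2" "$1" 2>/dev/null | grep -q ': OK$'
    else
        openssl verify "$1" 2>/dev/null | grep -q ': OK$'
    fi
}

demo() {
    d=$(mktemp -d) || return 1
    make_key_and_csr "$d" && make_self_signed "$d" || return 1
    csr_is_valid "$d/portal.csr" && echo "CSR signature: OK"
    is_self_signed "$d/portal.crt" && echo "issuer == subject: self-signed"
    chains_to_trust "$d/portal.crt" || echo "system trust store: not verifiable"
    chains_to_trust "$d/portal.crt" "$d/portal.crt" && echo "explicitly trusted copy: OK"
    rm -rf "$d"
}
demo
```

For a CA-signed certificate, `portal.csr` is submitted to the CA in place of the `make_self_signed` step, and `portal.key` is never sent.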