A self-signed certificate is a certificate that is signed by the same entity that it certifies. This term does not refer to the identity of the person who or organization that actually performed the signing procedure. A self-signed certificate is a certificate signed with its own private key, that is, the entity that signs the certificate is also the entity that created the certificate. The CEG ships with a default Johnson Controls self-signed certificate that provides secure communication. You can run a CEG on your network with a self-signed certificate.
However, if you need to expose the CEG UI on a public network and use browsers that indicate a trusted site, you must get a signed certificate that matches your domain name. You can acquire a valid signed certificate from your IT department or purchase it from a public certificate authority (CA) using a certificate signing request (CSR). A certificate signed by a CA is used to establish a secure connection between your browser and the CEG. You can install only one certificate on a CEG at a time. When you install a new certificate on a CEG, you overwrite the existing certificate.