A self-signed certificate is a certificate that is signed by the same entity that it certifies. This term does not refer to the identity of the person who or organization that actually performed the signing procedure. A self-signed certificate is a certificate signed with its own private key, that is, the entity that signs the certificate is also the entity that created the certificate. The SBH300 ships with a default Johnson Controls self-signed certificate that provides secure communication. You can run a SBH300 on your network with a self-signed certificate.
However, if you need to expose the SBH300 UI on a public network and use browsers that indicate a trusted site, you must get a signed certificate that matches your domain name. You can acquire a valid signed certificate from your IT department or purchase it from a public certificate authority (CA) using a certificate signing request (CSR). A certificate signed by a CA is used to establish a secure connection between your browser and the SBH300. You can install only one certificate on a SBH300 at a time. When you install a new certificate on a SBH300, you overwrite the existing certificate.