A self-signed certificate is a certificate that is signed by the same entity that it certifies. This term does not refer to the identity of the person or organization that actually performed the signing procedure. A self-signed certificate is a certificate signed with its own private key, which means the entity signing the certificate is also the entity that created the certificate.
The SBH ships with a default Johnson Controls® self-signed certificate that provides secure communication. You can only install one certificate on an SBH at a time. When you install a new certificate on a SBH, you overwrite the existing certificate. You can run an SBH on your network with a self-signed certificate.
However, if you need to expose the SBH UI on a public network and have browsers that indicate a trusted site, you must get a signed certificate matching your domain name. You can acquire a valid signed certificate from your IT department or purchase it from a public Certificate Authority (CA) using a certificate signing request (CSR). A certificate signed by a CA is used to establish a secure connection between your browser and the SBH.