Self-Signed Certificate

Certificate authority (CA) signed certificates should be used for production systems, particularly if your deployment is going to be accessed from users outside your organization. In example, if your deployment is not behind your WatchGuard firewall (any Firewall) and accessible over the Internet, using a CA-signed certificate assures clients from outside your organization that the identity of the website has been verified.

Domain Certificates
If your deployment is located behind your WatchGuard Firewall and leveraging a CA-signed certificate is not possible, using a domain certificate is an acceptable solution. A domain certificate is an internal certificate signed by your organization's certificate authority. Leveraging a domain certificate assists in reducing the cost of issuing certificates and eases certificate deployment, since certificates can be generated quickly within your organization for trusted internal use.

Self-Signed Certificate Creation
In our instance, We need to create a self signed certificate or install a 3rd party public certificate in order to properly configure our setup. A public cert such as one from Digicert is preferred but a Self signed certificate will meet requirements as well. Creating a self signed certificate is pretty simple and straight forward.

Open the Internet Information Services (IIS) Manager under Administrative Tools.

On the left side, highlight the root of the server under Start Page. Select Server Certificates which will define all installed server certificates.

On the Create Self-Signed Certificate in the Actions column on the right side, select Create Self-Signed Certificate.