两个选项都有效，选项 2 更简单.

Both options are valid, option 2 is simpler.

当您需要多个证书时，***选择选项 1(设置您自己的 CA).在公司中，您可能会设置自己的 CA 并在所有客户端的根密钥库中安装该 CA 的证书.然后，这些客户端将接受您的 CA 签署的所有证书.

Option 1 (setting up your own CA) is preferable when you need multiple certificates. In a company you might set up your own CA and install that CA's certificate in the root keystore of all clients. Those clients will then accept all certificates signed by your CA.

选项 2(在没有 CA 的情况下自签名证书)更容易.如果您只需要一个证书，那么这就足够了.将它安装在您客户端的密钥库中，您就完成了.但是当您需要第二个证书时，您需要在所有客户端上再次安装它.

Option 2 (self-signing a certificate without a CA) is easier. If you just need a single certificate, then this is sufficient. Install it in the keystores of your clients and you are done. But when you need a second certificate, you need to install that again on all clients.

这是包含更多信息的链接:创建证书颁发机构和自签名 SSL 证书

Here is a link with further information: Creating Certificate Authorities and self-signed SSL certificates