两个选项都有效，选项2更简单.

Both options are valid, option 2 is simpler.

当您需要多个证书时，***选择选项 1(设置您自己的 CA).在公司中，您可以设置自己的 CA 并将该 CA 的证书安装在所有客户端的根密钥库中.然后，这些客户端将接受您的 CA 签名的所有证书.

Option 1 (setting up your own CA) is preferable when you need multiple certificates. In a company you might set up your own CA and install that CA's certificate in the root keystore of all clients. Those clients will then accept all certificates signed by your CA.

选项 2(在没有 CA 的情况下自签名证书)更容易.如果您只需要一个证书，那么这就足够了.将其安装在客户端的密钥库中，您就完成了.但是当您需要第二个证书时，您需要在所有客户端上重新安装它.

Option 2 (self-signing a certificate without a CA) is easier. If you just need a single certificate, then this is sufficient. Install it in the keystores of your clients and you are done. But when you need a second certificate, you need to install that again on all clients.

这是一个包含更多信息的链接:创建证书颁发机构和自签名 SSL 证书

Here is a link with further information: Creating Certificate Authorities and self-signed SSL certificates