What is difference between self signed and certificate generated by certification authority

Question

I want to know the difference between self signed and certificate generated by certification authority.

I can easily create a self signed certificate for domain xyz.com then what is the difference between this certificate and the one generated by CA?

Scenario

Suppose a site xyz.com is secured with a certificate issued to xyz.com and it can be accessed by the clients who have the certificate issued by the site.

I can also create a self signed for xyz.com then how will my server take care of this fake certificate?

Answer 1

If the CA's certificate is already installed in your browser, then when your browser encounters a certificate that claims to be signed by a certain CA it can verify that it was indeed signed by that CA. The CA itself usually verifies your identity in some way or other before signing your certificate.

Your self-signed certificate is just signed by your own CA. No one verified that the certificate actually belongs to the person it claims to belong. You can install your own CA's root certificate into your browser. That way you won't get those annoying warning messages about the certificate. Other users usually won't have your own CA's root certificate installed and will still get the warning.