Self-signed certificate is just fine if the signed page is used by yourself or people who know you and know your certificate (for example, if you personally handed them its public key or public key token and say "this is mine, can be trusted"). This way, no one can spoof your site; your friends can check it up. So far so good.
But how about some user who sees that the site represents your organization and needs some firm evidence of your statement. Okay, this person can check up the certificate, but how can be the evidence? As you should understand, someone else could self-sign some other certificate (exactly the same way you did) and pretend that his malicious site represents your organization. How to tell the difference?
That what the certificate authorities are for. Please see:
http://en.wikipedia.org/wiki/Certificate_authority[
^],
http://en.wikipedia.org/wiki/Digital_certificate[
^],
http://en.wikipedia.org/wiki/Digital_signature[
^],
http://en.wikipedia.org/wiki/Public-key_cryptography[
^].
—SA
Submit an article or tip