Certificate is singed by an unrecognised certificate authority.  If a browser receives a self-signed certificate, it pops up a warning, and the burden falls to the user to confirm the identity.  Pushing this decision to the user is ultimately what opens up the possibility of a man-in-the-middle (MITM) attack.  The security issue is not with self-signed certificates, but with the way users interact with them in the browser.

Recommendation:

Purchase or generate a proper certificate for this service.

Check out, for Mand in the middle

http://www.schneier.com/blog/archives/2010/04/man-in-the-midd_2.html

You can purchase SSL certificates from Symantec

https://www.symantec.com/en/uk/verisign/ssl-certificates/secure-site