Below card depicts how Https works.

There are two parts. First part is Certificate generation. Certificates can be either self-signed or issued by Certificate Authorities (CAs). Obtaining certificate from CA is mandatory to allow clients to connect to application securely over Internet. Self-signed certificate are mostly used during testing.

The second part is, how certificate is used while establishing a secure connection between a client and the server.