I think there may be a little confusion here.  Your options are really: a) Use a Certification Authority, or b) Use Windows Server Certificate Services.  Self-signed certificates would be difficult to implement and insecure, so I wouldn’t recommend that.  As for whether it’s better to go with a Certification Authority or do things internally…  That’s up to you.  Unless you’ve got a good reason to go with a Certification Authority, I’d definitely recommend just using Certificate Services.  It’s free, secure, and easy to roll out.  If you go with something like Verisign, you’ll need to pay for the certificate, and do some extra configuration to set things up.  The benefit is that your certificate is issued by a universally recognized authority, but that’s probably not a big deal unless it’s required by some industry standard your client is required to follow.