For web servers, you must usually get your SSL certificate from a recognized certificate authority (CA), as most browsers complain if the certificate is not issued by a known CA. They warn the user of the most common security risks and require confirmation before connecting to a server with a certificate issued by an unknown CA.
For your database server, it is usually sufficient to generate the certificate yourself, using OpenSSL. The following commands generate a self-signed certificate for your server:
openssl genrsa 2048 > server.key
openssl req -new -x509 -key server.key -out server.crt
Read more on X.509 keys and certificates in OpenSSL's HOWTO pages at https://github.com/openssl/openssl/tree/master/doc/HOWTO.
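The two commands above can be scripted and checked as follows. This is an added example, not part of the original documentation: it creates the key with owner-only permissions, sets the subject and validity explicitly, and confirms that the key and certificate belong together. The function names, the CN db.example.internal and the 365-day validity are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: non-interactive self-signed certificate with verification.
# Function names, CN and validity period are constructed for illustration.

make_selfsigned() {
    dir=$1; cn=$2; days=$3
    # Create the private key readable by its owner only, from the start.
    ( umask 077 && openssl genrsa -out "$dir/server.key" 2048 2>/dev/null ) || return 1
    # -subj skips the interactive prompts; -days sets the validity explicitly
    # (openssl req -x509 issues a 30-day certificate when -days is omitted).
    openssl req -new -x509 -key "$dir/server.key" -out "$dir/server.crt" \
        -subj "/CN=$cn" -days "$days" 2>/dev/null || return 1
}

# Succeeds only if the certificate carries the public key of this private key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Succeeds if the certificate verifies with itself as the only trust anchor.
is_self_signed() {
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# Demo in a throwaway directory; prints the subject and expiry date.
tmp=$(mktemp -d) && make_selfsigned "$tmp" db.example.internal 365 &&
    key_matches_cert "$tmp/server.key" "$tmp/server.crt" &&
    is_self_signed "$tmp/server.crt" &&
    openssl x509 -in "$tmp/server.crt" -noout -subject -enddate
rm -rf "$tmp"
```

Clients that verify the server should be given server.crt as their trusted CA file, since no recognized CA vouches for a self-signed certificate.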