Hi Guys,
I would like to start using SATSA PKI to authenticate my users. There is something that i don't understand: in the enrollment process i first need to generate a CSR and then send this CSR to get a signed certificate. But whom exactly do i send it to?  
this is the official example from sun:

// Send the generated CSR to the CA enrollment server,

// possibly over a secure TCP (SecureConnection) or HTTPS 

//(HttpsConnection). Wait for response (the signed X.509 

// certificate chain)

String url = "www.j2medeveloper-ca.com:443";

byte[] response = secureSend(url, csr);

who is the "CA enrollment server" in reality? Can it be a self-signed Certificate?
Thanks