If your proxy is the only client consuming the certificate, and you have a way to tell the proxy to accept only that specific certificate, a self-signed certificate could be better than a publicly-trusted certificate, because you're no longer exposed to risks of certificate misissuance via a public CA (and you don't have to disclose the internal name publicly if you don't want to).
Self-signed certificates are weaker than publicly-trusted certificates if they force (or train) users to accept them without verification, but they're potentially stronger than publicly-trusted certificates if both sides of the connection are run by the same person or organization and the certificate identity is explicitly agreed and verified by that person or organization. The certificate is meant to solve the problem of confirming that the connection is using the correct public key; if you can solve that problem in a particular situation in a way that's more reliable than the public web PKI, you've increased your security, not decreased it.
@jsha described this exact phenomenon recently in another thread: