Which statement describes NSE certificate requirements?

• A. An external CA is required.
• B. An internal CA suffices.
• C. No certificate is needed.
• D. A self-signed certificate is required.

Answer: (A)

Certificates prove who is on the other end of a connection and establish trust for encrypted communication. For NSE, the SSL certificate presented by the system must be issued by a trusted external certificate authority so clients across different networks can verify the identity without having to install and trust an internal root CA manually. An external CA provides a widely recognized trust anchor, simplifying client trust, revocation handling, and interoperability. If you used a self-signed certificate or an internal CA, clients would typically not trust it by default and you'd have to distribute and manage the root certificate everywhere, which is impractical in most environments. Therefore, an external CA is required.