This question came up from a potential business partner, and I’ve been struggling to get a clear answer on it.
Well, it definitely isn’t an internal certificate authority relative to your organisation. So that implies an external certificate authority, right?
I’m assuming your potential business partner has never heard of Let’s Encrypt? Otherwise I think he/she wouldn’t ask this question.