Which feature requires the use of a commercial, trusted certificate authority?

Two-way TLS (Transport Layer Security) is a security protocol that ensures both the client and server authenticate each other, providing a secure communication channel. In this scenario, the use of a commercial, trusted certificate authority is essential to issue digital certificates that bind identities to cryptographic keys.

When employing two-way TLS, the client presents its certificate to the server, and the server also presents its certificate to the client. For the certificates to be trusted by both parties, they must be signed by a trusted certificate authority. This reduces the risk of man-in-the-middle attacks, as clients will only accept certificates signed by these trusted authorities.

In contrast, while one-way TLS also relies on certificates, only the server's certificate needs to be trusted by the client, and it can utilize self-signed certificates if the client is configured accordingly. OAuth 2.0 focuses on authorization rather than transport layer security and typically does not need a certificate authority for its token exchanges and communications. Named Credentials is a Salesforce feature that defines how to connect to an external system, but it doesn’t specifically require certificates from a commercial authority; the connections can often use various means of authentication, including bearer tokens.