When you use a service such as Nexus on a secure, encrypted connection, the server will display a digital certificate to prove that it is the server that it says it is; without this, it would be possible for another server to masquerade as Nexus and accept your password.
In order for your browser to trust that the certificate itself is valid, the certificate needs to be issued by a trusted authority. Most of the IT Services user-facing services use certificates issued either by GlobalSign or by Comodo. These certificates will automatically be recognized by most modern software.
Registered Oxford University IT Support Staff may obtain certificates for servers in domains registered to the University of Oxford (generally .ox.ac.uk but others too) via IT Services using the free of charge JANET Service. Full details may be found in the ITSS wiki (N.B. only available to registered Oxford University IT Staff)