All traffic to Managed Service for TimescaleDB (MST) services is always protected by TLS (SSL). TLS ensures that third-parties can't eavesdrop or modify the data while it's in transit between the MST services and clients accessing the services.
Every MST project has its own private Certificate Authority which is used to sign certificates that are used internally by the MST services to communicate between different cluster nodes and to MST management systems. It's possible to download the project's CA certificate from the MST web console in the service view (click Show CA certificate) and establish the trust by setting up your browser or client to trust that certificate.
All server certificates are always signed by the MST project CA.