For a certificate-based VPN tunnel between two gateways with separate management systems, mutually trusted Certificate Authorities are required. This ensures that both gateways can validate the authenticity of the certificates presented by the other party, enabling secure communication.