Which two attributes are required on a certificate so it can be used as a CA certificate on SSL Inspection? (Choose two.)

Which two attributes are required on a certificate so it can be used as a CA certificate on SSL Inspection? (Choose two.)

A. The keyUsage extension must be set to keyCertSign.

B. The common name on the subject field must use a wildcard name.

C. The issuer must be a public CA.

D. The CA extension must be set to TRUE.

Answer: A,D

Explanation:

"In order for FortiGate to act in these roles, its CA certificate must have the basic constraints extension set to cA=True and the value of the keyUsage extension set to keyCertSign."

Reference: https://www.reddit.com/r/fortinet/comments/c7j6jg/recommended_ssl_cert/

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments