Which two attributes are required on a certificate so it can be used as a CA certificate on SSL inspection? (Choose two.)

FCP_FGT_AD-7.4 0 Comments

Which two attributes are required on a certificate so it can be used as a CA certificate on SSL inspection? (Choose two.)

A. The keyUsage extension must be set to keyCertSign.

B. The CA extension must be set to TRUE.

C. The issuer must be a public CA.

D. The common name on the subject field must use a wildcard name.

Answer: A,B

Explanation:

Full SSL inspection – Certificate requirements:

FortiGate is acting as a proxy web server. In order for FortiGate to act in these roles, its CA certificate must have the basic constraints extension set to cA=True and the value of the keyUsage extension set to keyCertSign.

The CA=True value identifies the certificate as a CA certificate. The KryUsage =KeyCertSign value indicates that the certificate corresponding private key is permitted to sign certificates. see RFC 5280 section 4.2.1.9 basic Constraints.

Although it appears as though the user browser is connected to the web server, the browser is connected to FortiGate. FortiGate is acting as a proxy web server. In order for FortiGate to act in these roles, its CA certificate must have the basic constraints extension set to cA=True and the value of the keyUsage extension set to keyCertSign.

Latest FCP_FGT_AD-7.4 Dumps Valid Version with 200 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download FCP_FGT_AD-7.4 PDF     FCP_FGT_AD-7.4 Questions Online Training
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments