Implementing Secure Solutions with Virtual Private Networks (SVPN) — Question 111
Users are getting untrusted server warnings when they connect to the URL https://asa.lab from their browsers. This URL resolves to 192.168.10.10, which is the IP address for a Cisco ASA configured for a clientless VPN. The VPN was recently set up and issued a certificate from an internal CA server. Users can connect to the VPN by ignoring the message; however, when users access other web servers that use certificates issued by the same internal CA server, they do not experience this issue. Which action resolves this issue?
Answer options
- A. Import the CA that signed the certificate into the machine trusted root CA store.
- B. Reissue the certificate with asa.lab in the subject alternative name field.
- C. Import the CA that signed the certificate into the user trusted root CA store.
- D. Reissue the certificate with 192.168.10.10 in the subject common name field.
Correct answer: B
Explanation
The correct answer is B because including 'asa.lab' in the subject alternative name field of the certificate allows the browser to validate the certificate against the hostname in the URL. Options A and C do not resolve the issue: other web servers with certificates from the same internal CA are accepted without warnings, so the CA is already trusted on the clients and the problem lies in the certificate not matching the URL. Option D is incorrect because the name in the certificate must match the URL users are trying to access, which is 'asa.lab', not the IP address.