CompTIA CASP+ (CAS-004) — Question 231

An engineering team has deployed a new VPN service that requires client certificates to be used in order to successfully connect. On iOS devices, however, the following error occurs after importing the .p12 certificate file:

mbedTLS: ca certificate is undefined

Which of the following is the root cause of this issue?

Answer options

• A. iOS devices have an empty root certificate chain by default.
• B. OpenSSL is not configured to support PKCS#12 certificate files.
• C. The VPN client configuration is missing the CA private key.
• D. The iOS keychain imported only the client public and private keys.

Correct answer: D

Explanation

The correct answer is D because the error indicates that the iOS keychain lacks the CA certificate necessary for establishing a trusted connection. Options A, B, and C do not address the specific issue of missing the CA certificate in the keychain, which is essential for the VPN client to authenticate the server.