CompTIA DataX (CNX-001) — Question 68
A network load balancer is not correctly validating a client TLS certificate. The network architect needs to validate the certificate installed on the load balancer before progressing. Which of the following commands should the architect use to confirm whether the private key and certificate match?
Answer options
- A. openssl-list -noout -modulus -in cert.crt | openssl md5
     openssl rsa -noout -modulus -in privkey.txt | openssl md5
- B. openssl req -in certificate.csr -verify
     openssl-verify -noout -modulus -in privkey.txt | openssl md5
- C. openssl-rsa -noout -modulus -in cert.crt | openssl md5
     openssl-verify -noout -modulus -in privkey.txt | openssl md5
- D. openssl x509 -noout -modulus -in cert.crt | openssl md5
     openssl rsa -noout -modulus -in privkey.txt | openssl md5
Correct answer: D
Explanation
Option D is correct: 'openssl x509 -noout -modulus' extracts the modulus from the certificate and 'openssl rsa -noout -modulus' extracts it from the private key, and each result is piped through 'openssl md5' so the two digests can be compared. If the digests are identical, the private key and certificate match. Options A, B, and C contain incorrect syntax or commands that do not provide the necessary verification between the certificate and private key, so they are unsuitable for this task.