CompTIA Security+ (SY0-501) — Question 68

A help desk is troubleshooting user reports that the corporate website is presenting untrusted certificate errors to employees and customers when they visit the website. Which of the following is the MOST likely cause of this error, provided the certificate has not expired?

Answer options

• A. The certificate was self signed, and the CA was not imported by employees or customers
• B. The root CA has revoked the certificate of the intermediate CA
• C. The valid period for the certificate has passed, and a new certificate has not been issued
• D. The key escrow server has blocked the certificate from being validated

Correct answer: B

Explanation

The correct answer is B because if the root CA has revoked the certificate of the intermediate CA, it would cause trust issues for certificates issued through that intermediate. Option A is incorrect as self-signed certificates would typically prompt a different warning, while option C is not applicable since the question states the certificate has not expired. Option D is not relevant in this context as key escrow servers do not typically block certificate validation.