CompTIA Security+ (SY0-601) — Question 765

An untrusted SSL certificate was discovered during the most recent vulnerability scan. A security analyst determines the certificate is signed properly and is a valid wildcard. This same certificate is installed on the other company servers without issue. Which of the following is the MOST likely reason for this finding?

Answer options

• A. The required intermediate certificate is not loaded as part of the certificate chain.
• B. The certificate is on the CRL and is no longer valid.
• C. The corporate CA has expired on every server, causing the certificate to fail verification.
• D. The scanner is incorrectly configured to not trust this certificate when detected on the server.

Correct answer: A

Explanation

The correct answer is A because if the required intermediate certificate is not included, the certificate chain cannot be completed, causing the certificate to be seen as untrusted. Option B is incorrect since there's no indication the certificate is on the CRL. Option C is not applicable since a corporate CA expiration would typically affect all certificates, not just this specific one. Option D is also wrong because if the certificate works on other servers, it suggests that the scanner's configuration is the issue, not the certificate itself.