NSE 4 – FortiGate 7.2 — Question 26
Which two attributes are required on a certificate so it can be used as a CA certificate on SSL inspection? (Choose two.)
Answer options
- A. The keyUsage extension must be set to keyCertSign.
- B. The CA extension must be set to TRUE.
- C. The issuer must be a public CA.
- D. The common name on the subject field must use a wildcard name.
Correct answer: A, B
Explanation
The keyUsage extension set to keyCertSign indicates that the certificate can be used to sign other certificates, which is essential for a CA certificate. Additionally, the CA extension set to TRUE explicitly designates the certificate as a certificate authority, allowing it to issue other certificates. The other options, while relevant to certificates, do not specifically pertain to the requirements for a CA certificate in SSL inspection.