NSE 4 – FortiGate 6.4 — Question 77
Which two attributes are required on a certificate so it can be used as a CA certificate on SSL Inspection? (Choose two.)
Answer options
- A. The issuer must be a public CA
- B. The common name on the subject field must use a wildcard name
- C. The keyUsage extension must be set to keyCertSign
- D. The CA extension must be set to TRUE
Correct answer: C, D
Explanation
The correct attributes for a CA certificate used in SSL Inspection are the keyUsage extension set to keyCertSign and the CA extension marked as TRUE, which allows the certificate to sign other certificates. Options A and B do not meet the requirements; A specifies the issuer type rather than the necessary certificate attributes, and B focuses on the common name format, which is not a requirement for CA certificates.