NSE 4 – FortiGate 7.0 — Question 80
Which two attributes are required on a certificate so it can be used as a CA certificate on SSL Inspection? (Choose two.)
Answer options
- A. The CA extension must be set to TRUE.
- B. The issuer must be a public CA.
- C. The common name on the subject field must use a wildcard name.
- D. The keyUsage extension must be set to keyCertSign.
Correct answer: A, D
Explanation
The correct attributes for a CA certificate in SSL Inspection are that the CA extension must be set to TRUE to designate it as a CA and the keyUsage extension must include keyCertSign to allow the certificate to sign other certificates. The other options, while potentially relevant, do not meet the specific requirements for a CA certificate in this context.