Oracle Cloud Infrastructure 2022 Architect Professional — Question 36

You are a principal cloud consultant at a retail firm. You are tasked with importing a certificate issued by a third-party certificate authority (CA) using the Oracle Cloud Infrastructure (OCI) Certificates service. While performing the import, you upload the Certificate, Certificate Chain, and Private Key under Certificate Configuration. However, you receive the following error message:

“The certificate chain in the configuration details of the certificate is invalid”

Which two certificate settings can help resolve this error? (Choose two.)

Answer options

• A. In the basic constraints extension, if the path length is specified, the number of intermediate certificates in the certificate chain hierarchy should exceed it.
• B. Confirm that the certificate chain includes all CA certificates up to and including the root certificate.
• C. Ensure that the certificate’s common name is non-null.
• D. If the key usage extension is present, it should not include KEY_CERT_SIGN.
• E. In the basic constraints extension, set isCA parameter to false.

Correct answer: B, D

Explanation

Option B is correct because the certificate chain must include all intermediate and root CA certificates for validation. Option D is also valid, as the presence of KEY_CERT_SIGN in the key usage extension could lead to issues with the certificate's functionality, but it does not directly relate to the chain validation error. The other options do not address the specific issue with the certificate chain being invalid.