Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 316

An engineer needs to configure SSL Forward Proxy to decrypt traffic on a PA-5260. The engineer uses a forward trust certificate from the enterprise PKI that expires December 31, 2025.

The validity date on the PA-generated certificate is taken from what?

Answer options

• A. The root CA
• B. The untrusted certificate
• C. The server certificate
• D. The trusted certificate

Correct answer: C

Explanation

The validity date of a PA-generated certificate is derived from the server certificate, which provides the parameters for the certificate's lifespan. The other options, such as the root CA and untrusted certificate, do not directly influence the validity of the PA-generated certificate in this context.