Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 72

Which is not a valid reason for receiving a decrypt-cert-validation error?

Answer options

• A. Unsupported HSM
• B. Unknown certificate status
• C. Client authentication
• D. Untrusted issuer

Correct answer: A

Explanation

The correct answer is A because an unsupported HSM does not typically lead to a decrypt-cert-validation error; it is more about hardware compatibility. The other options, such as unknown certificate status, client authentication issues, and untrusted issuer, can legitimately cause this specific error as they relate directly to the validation of the certificate chain.