Correct:
A. The CA extension must be set to TRUE.
D. The keyUsage extension must be set to keyCertSign.
Incorrect:
B. The issuer must be a public CA.
C. The common name on the subject field must use a wildcard name.
FortiGate Security 7.2 Study Guide (p.232):
"FortiGate is acting as a proxy web server. In order for FortiGate to act in these roles, its CA certificate must have the basic constraints extension set to cA=True and the value of the keyUsage extension set to keyCertSign.
The cA=True value identifies the certificate as a CA certificate. The keyUsage=keyCertSign value indicates that the certificate corresponding private key is permitted to sign certificates."
Reference and download study guide:
https://ebin.pub/fortinet-fortigate-security-study-guide-for-fortios-72.html
"r. In order for FortiGate to act in these roles, its CA certificate must have the basic constraints extension set to cA=True and the value of the keyUsage extension
set to keyCertSign. "
Fortigate Security Study Guide v7.0, Page 323
upvoted 4 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
raydel92
4 months, 1 week agogeotown
5 months agoRabbit414
1 year, 2 months agoIsraelq
1 year, 2 months agoKutchek
1 year, 3 months ago