ExamTopics Logo
Mail Us[email protected]
Menu
Lpi Discussions
exam questions

Exam 202-450 All Questions

View all questions & answers for the 202-450 exam
Go to Exam

Exam 202-450 topic 1 question 39 discussion

Actual exam question from LPI's 202-450
Question #: 39
Topic #: 1
[All 202-450 Questions]

In response to a certificate signing request, a certification authority sent a web server certificate along with the certificate of an intermediate certification authority that signed the web server certificate.
What should be done with the intermediate certificate in order to use the web server certificate with Apache HTTPD?

  • A. The intermediate certificate should be merged with the web server's certificate into one file that is specified in SSLCertificateFile
  • B. The intermediate certificate should be used to verify the certificate before its deployment on the web server and can be deleted
  • C. The intermediate certificate should be stored in its own file which is referenced in SSLCaCertificateFile
  • D. The intermediate certificate should be improved into the certificate store of the web browser used to test the correct operation of the web server
  • E. The intermediate certificate should be archived and resent to the certification authority in order to request a renewal of the certificate
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by fluffyuranus at Jan. 5, 2021, 3:02 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
fluffyuranus
Highly Voted 3 years, 5 months ago
You don't merge 2 certificates - they have a cryptographic hash! C is the correct answer https://techjourney.net/install-intermediate-ca-certificate-chain-cert-in-apache-httpd-server/
upvoted 6 times
...
blahalt
Most Recent 1 month ago
Selected Answer: A
Answer A is 100% correct !
upvoted 1 times
...
Tomba
7 months ago
SSLCaCertificateFile is for CLIENT certs, not SERVER certs, so A is correct
upvoted 1 times
...
MaikyCR28
10 months ago
Correct answer: A Ref: LPIC-2 book (https://lpic2book.github.io/src/)
upvoted 2 times
...
cookieb
1 year, 8 months ago
First of all I want to reference this: https://ssl-config.mozilla.org/#server=apache&version=2.4.41&config=modern&openssl=1.1.1k&guideline=5.6 Which states: SSLCertificateFile /path/to/signed_cert_and_intermediate_certs Which is basically "A". Merging in this context means concating, first the Webserver Cert then the Signer Cert If you request a letsencrypt certificate you will get a fullchain.pem file containing all Certificates. So in my eyes, it's definitely A
upvoted 3 times
...
EMordenti
2 years, 2 months ago
I think that "A" There can be many layers of CAs, the top one is called "Root CA" and the rest is called "Intermediate CA". The CAs are chained in descending order and are called "SSL certificate chain". In the Apache configuration file, 'SSLCertificateKeyFile' is used to specify the location of the key file and 'SSLCertificateFile' is used to specify the location of the Cert (server certificate) file. SSLCertificateFile' is used to specify the location of the Cert file and 'SSLCertificateChainFile' is used to specify the location of the SSL certificate chain file. Now, as for 'SSLCACertificateFile', it can also be used to specify the 'SSL Certificate Chain' file, but it must be used in a non-public CA (used to issue self-signed SSL certificates). However, the question is not very clear, so option "C" could be the correct answer.
upvoted 1 times
...
fluffyuranus
2 years, 3 months ago
Selected Answer: C
My argument is over the use of the word MERGE - combining two things into one. You can't combine two certificates into one certificate. You can ADD both certificates to the SSLCertificateFile, but the answer doesn't say that. I could be being pedantic, but I don't think so.
upvoted 1 times
...
Armina
2 years, 4 months ago
Selected Answer: A
A is correct! According to Redhat, the intermediate certificate can be appended to server certificate . Ref.: https://access.redhat.com/solutions/43575
upvoted 2 times
...
gndrx78
3 years, 2 months ago
Certificates can be "merged" accordingly to this URL: https://www.thesslstore.com/knowledgebase/ssl-support/combining-multiple-intermediate-certificates/
upvoted 3 times
ldlpi
2 years, 6 months ago
Yes, or this other: https://access.redhat.com/solutions/43575 Where SSLCertificateChainFile is deprectated by SSLCertificateFile https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslcertificatechainfile Therefore A could be correct, the problem is that C too...
upvoted 2 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago