ExamTopics Logo
Mail Us[email protected]
Menu
Oracle Discussions
exam questions

Exam 1z0-997-22 All Questions

View all questions & answers for the 1z0-997-22 exam
Go to Exam

Exam 1z0-997-22 topic 1 question 56 discussion

Actual exam question from Oracle's 1z0-997-22
Question #: 56
Topic #: 1
[All 1z0-997-22 Questions]

You are a principal cloud consultant at a retail firm. You are tasked with importing a certificate issued by a third-party certificate authority (CA) using the Oracle Cloud Infrastructure (OCI) Certificates service. While performing the import, you upload the Certificate, Certificate Chain, and Private Key under Certificate Configuration. However, you receive the following error message:

“The certificate chain in the configuration details of the certificate is invalid”

Which two certificate settings can help resolve this error? (Choose two.)

  • A. In the basic constraints extension, if the path length is specified, the number of intermediate certificates in the certificate chain hierarchy should exceed it.
  • B. Confirm that the certificate chain includes all CA certificates up to and including the root certificate.
  • C. Ensure that the certificate’s common name is non-null.
  • D. If the key usage extension is present, it should not include KEY_CERT_SIGN.
  • E. In the basic constraints extension, set isCA parameter to false.
Show Suggested Answer Hide Answer
Suggested Answer: BD 🗳️
by Nots at Oct. 10, 2023, 3:45 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
daws08322
1 year, 3 months ago
B. Confirm that the certificate chain includes all CA certificates up to and including the root certificate. This is a critical requirement for a valid certificate chain. Ensure that all necessary intermediate CA certificates and the root CA certificate are included in the chain. The certificate chain should be complete. D. If the key usage extension is present, it should not include KEY_CERT_SIGN. In a typical TLS/SSL certificate chain, the key usage extension should not include the KEY_CERT_SIGN flag. This flag is typically associated with CA certificates. If it's present in an end-entity certificate, it can cause validation issues.
upvoted 1 times
daws08322
1 year, 2 months ago
correction BC The certificate's common name is non-null. In the basic constraints extension, the isCA bit is set to true. In the basic constraints extension, if the path length is specified, the number of intermediate certificates in the certificate chain hierarchy does not exceed it. If the key usage extension is present, it includes KEY_CERT_SIGN.
upvoted 1 times
...
...
Nots
1 year, 3 months ago
Selected Answer: BC
Confirm that the certificate chain includes all certificate authority (CA) certificates up to and including the root certificate. ... - The certificate's common name is non-null. ... https://docs.oracle.com/en-us/iaas/Content/certificates/invalidcertificatechain.htm
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago