Option A. The FWDtrust is a CA certificate type capable of signing other certificates.
That means either it's a Root Certificate or Intermediate certificate. If it was a Root Certificate, then you wouldn't get that warning. That means the certificate is an intermediate and you need to import its Root Certificate.
If you look at the subject, you will see that there's another certificate which signs the FWDtrust. In fact, it is not a self signed certificate because of that statement, so D is ambigous compared to A, because the FWDtrust does has a certificate chain, just that it's not -imported- into the fw.
D is the answer because the image show us the CA and Key checkboxes, telling us that is a self signed Root CA without a certificate, in other words without a chain and according to warning show in screen.
D here aslo, FWDtrust cert has been imported but the firewall could not verify it and asks for the Cert Chain (import either Root or Intermediate that validates FWDtrust)
Under issuer, it tells us which root CA signed the FWDTrust certificate. Correct answer is A. FWDTrust needs to be a CA (intermediate in this case) in order for it to be able to sign the server certs so that clients accessing an external server or website can tell if the firewall trusts those server certs or not.
D. The problem, as it says itself, is that it does not have a complete chain of trust. The solution would be to add in any intermediate CAs that the NGFW doesn't have as root CAs to restore the chain, but the problem is the chain.
D is ambiguous. D is saying that there is no certificate chain for that cert, but there is because the issuer for the FWDTrust is not the same CN as the subject of FWDTrust
Hi Team to add It is A as other users have done I tested this as well.
If you're using an External/Internal PK, you need to ensure to import the Root CA, in which once you create, generate your CSR, and reimport the Trust cert into the Firewall. The Turst cert should fall into the COC. If this was a self-signed cert (as I have also labbed) you can simple have that on the FW without a COC.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
AdamLolzSmith
Highly Voted 3 years, 8 months agoPrutser2
3 years, 6 months agoCarlosDV06
Most Recent 1 week, 1 day agoeca4765
1 week, 2 days agoevdw
2 weeks, 1 day agoj4v13rh4ack
1 month, 3 weeks agohcir
7 months, 1 week agoForces12
3 months, 3 weeks agoJRKhan
1 year agoMicutzu
1 year, 3 months agoMicutzu
1 year, 3 months ago455_qq
2 years, 5 months agoJared28
2 years, 9 months agounknid
2 years, 11 months agoKane002
3 years, 1 month agomyname_1
2 years, 1 month agoBiz90
3 years, 2 months agoFS68
3 years, 3 months agobluejl
3 years, 6 months agoJoey456
3 years, 8 months ago