Exam SY0-501 topic 1 question 669 discussion

D. The "security specialist inspects the certificate and realizes it has been issued to the IP address". The Subject Alternative Name (SAN) is an extension to the X. 509 specification that allows users to specify additional host names for a single SSL certificate. Answer A, "OSCP", is not to be confused with Online Certificate Status Protocol (OCSP). Offensive Security Certified Professional (OSCP) is an ethical hacking certification offered by Offensive Security that teaches penetration testing. Answer A says "OSCP." Wrong. Even if answer A meant OCSP (The Online Certificate Status Protocol (OCSP) - used for obtaining the revocation status of an X. 509 digital certificate) it still would be wrong. The certificate wasn't revoked - it just uses an IP address instead of a FQDN with a SAN.

OSCP = Offensive Security Certified Professional OCSP = Online Certificate Status Protocol

if melvin john suggested the answer to be A, and Now changing it to D, why is this not updated?

"The Subject Alternative Name field lets you specify additional host names (sites, IP addresses, common names, etc.) to be protected by a single SSL Certificate." Answer is 'D' (SAN).

How does OCSP Work? When a user requests the validity of a certificate, an OCSP request is sent to an OCSP Responder. This checks the specific certificate with a trusted certificate authority and an OCSP response is sent back with a response of either 'good', 'revoked' or 'unknown'.

OCSP is for certificate status. You would just add the hostname or FQDN to the SAN field and you should be good. Browser can use with the CN field or the SAN field to verify

Using an IP Address in an SSL Certificate The lowdown on IPs in SSL certificates We're often asked if an IP address can be used in an SSL certificate in place of a fully qualified domain name . The short answer is yes, but we don't recommend it. If your IP address changes your SSL certificate can become useless. If you decide that you really need an IP in your cert there are specific stipulations, conditions, and limitations to consider. Requirements and restrictions on IP addresses in SSL certificates Public IP addresses only (e.g., 18.236.49.115) Reserved IP addresses (local) are not allowed (e.g., 10.0.0.0) Domain Validated (DV) and Organization Validated (OV) certificates only (EV certs cannot have an IP address) You must prove that you control the IP by hosting a .txt file containing a generated random string token at a predetermined location on your website. This token and instructions will be provided to you after submitting your IP SSL order. You'll want to review the steps required to prove IP ownership by the HTTPS File Authorization method before placing an IP certificate order.

I will go with D.

Correction: OSCP

Based on what is mentioned "A: OCSB"?

I'm also going with D.

I thought it was SAN too.