Exam SY0-501 topic 1 question 494 discussion

I think certificate chaining is correct. - Certificate 1 is signed by Geotrust Global CA a third-party. - Certificate 2 is signed by no one, so I assume it's self-signed. To address this, you'd use certificate chaining to reissue certificate 2 so it was no longer self-signed. Certificate 2 would be a unique end entity certificate that is validated by the third party that issued certificate 1.

B. A certificate chain is an ordered list of certificates, containing an SSL Certificate and Certificate Authority (CA) Certificates, that enable the receiver to verify that the sender and all CA's are trustworthy. ...

The certificate chain simplifies key management and certificate monitoring by “grouping” CAs into a tree-like structure, where verifying the top or root CA automatically verifies the whole chain.

certificate chaining or a chain of trust. The root's certificate is self-signed. In the hierarchical model, the root is still a single point of failure. If the root is damaged or compromised, the whole structure collapses. To mitigate against this, however, the root server can be taken offline as most of the regular CA activities are handled by the intermediate CA servers.

Answer is definitely B. Certificate chaining. Chain of trust- Lists all of the certificates between the server and the root CA. The cahin starts with the SSL certificate and ends with the Root CA certificate, Any certificate between the SSL certificate and the root certificate is a chain certificate, or intermediate certificate. Needs to be configured with the proper chain or the end user will get an error. Wildcards are typically for sub-domains and SANs can be for many different domains. It looks like they are already trying to use a *wildcard and it is not working.

Both certificates appear to be wildcard already, so not answer A. Certificate 2 may not be valid as it may be missing its own certificate chain like Certificate 1. The answer B can be read as "use certificate chaining" to fix Certificate 2, which effectively makes it identical to Certificate 1 (which is ok since it is wildcard certificate anyway).

i'm sorry for my english, D is not because EV is used to give add information to the certificate in legal order, C ist trsut model but the company is one, A is not because wilcard is used for subdomain, ther is company.com , unique domain. B is unique.

Certificate chaining combines all the certificates from the root CA down to the certificate issued to the end user. A wildcard certificate is used for a single domain with multiple subdomains, but each domain name must have the same root domain.. Wildcard certificates can reduce the administrative burden associated with managing multiple certificates.

Yes, a wild card would allow one certificate to validate the certificate form start to finish. In this scenario the chain of trust broke down from one to the other, hence the certificate chain would have Identified the break down, or would have prevented it. SEC + SYO 501 PG 559.

The correct answer is missing: A Subject Alternate Name (or SAN) certificate is a digital security certificate which allows multiple domains to be protected by a single certificate. The only possible way to use a single SSL certificate on multiple domains is with a Multi-Domain SSL certificate. You can secure multiple domains and sub-domains with a single SSL certificate. Multi-Domain (SAN) SSL is also called Unified Communication Certificate (UCC) SSLs.

They contradict themselves by saying that the two servers are using the same certificate, but the details of the certificate are different. I think they are implying that the root certificate is somehow not correct in Certificate 2. Certificate Chaining is the relationship between the root CA and the end-user entities. upvoted 1 times

They contradict themselves by saying that the two servers are using the same certificate, but the details of the certificate are different. I think they are implying that the root certificate is somehow not correct in Certificate 2 if that's possible. Certificate Chaining is the relationship between the root CA and the end-user entries.

They contradict themselves by saying that both captive portals are using the same server certificate but the details for the certificate are different. I think they are trying to imply that the root certificate is not correct somehow in "Certificate 1" if that's possible. Certificate chaining is "the relationship between the root CA and the end-user entries.

This is difficult. I settled on D. ( C ) A trust Model is collection of rules that informs application on how to decide the legitimacy of a Digital Certificate. (A ) An SSL Wildcard certificate is a single certificate with a wildcard character in the domain name field. This allows the certificate to secure multiple sub domain names (hosts) pertaining to the same base domain. ( B) Certificate Chaining - instead of the server just presenting the signed certificate from the CA it sends both that cert and the intermediate’s cert public key. The browser can check the intermediate cert is good because it knows about the root cert. ( D ) During verification of an Extended Validation (EV SSL) Certificate, the owner of the website passes a thorough and globally standardized identity verification process to prove exclusive rights to use a domain, confirm its legal, operational and physical existence, and prove the entity has authorized the issuance of the certificate. Answer D might be overkill but would solve the problem.

why making them into 2 different certificates in the first place? I vote for A.

Can anyone explain why it is answer B? Cert path 1 is issued by a CA but Cert path 2 is not. So with a Certificate chain cert path 1 will extend the chain of trust to cert path 2?