Correct:
A. The CA extension must be set to TRUE.
D. The keyUsage extension must be set to keyCertSign.
Incorrect:
B. The issuer must be a public CA.
C. The common name on the subject field must use a wildcard name.
FortiGate Security 7.2 Study Guide (p.232):
"FortiGate is acting as a proxy web server. In order for FortiGate to act in these roles, its CA certificate must have the basic constraints extension set to cA=True and the value of the keyUsage extension set to keyCertSign.
The cA=True value identifies the certificate as a CA certificate. The keyUsage=keyCertSign value indicates that the certificate corresponding private key is permitted to sign certificates."
Reference and download study guide:
https://ebin.pub/fortinet-fortigate-security-study-guide-for-fortios-72.html
"r. In order for FortiGate to act in these roles, its CA certificate must have the basic constraints extension set to cA=True and the value of the keyUsage extension
set to keyCertSign. "
Fortigate Security Study Guide v7.0, Page 323
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
raydel92
9 months agogeotown
9 months, 3 weeks agoRabbit414
1 year, 7 months agoIsraelq
1 year, 7 months agoKutchek
1 year, 8 months ago