FortiGate uses the ______ certificate standard.
X.509v3
X.509v4
X.509v5
What attribute or extension is used to identify the owner of a certificate?
a. The subject name in the certificate
b. The unique serial number in the certificate
How does FortiGate check to see if a certificate has been revoked?
a. It checks the CRL that resides on FortiGate.
b. It retrieves the CRL from a directory server.
Which one of the following is a certificate extension and value that is required in the FortiGate CA certificate in order to enable full SSL inspection?
a. CRL DP=ca_arl.arl
b. cA=True
For full SSL inspection, which configuration requires FortiGate to act as a CA?
a. Multiple clients connecting to multiple servers
b. Protecting the SSL server
Deleting a CSR that is a pending state does not impact your ability to install the certificate.
a. True
b. False
What is one reason why a CA would trust and accept a CSR from a FortiGate?
a. The CSR is signed by the FortiGate’s private key.
b. The CA inherently trusts all FortiGates.
To be compliant with the Internet Engineering Task Force (IETF) RFC 5280, the CA certificate requires these two extensions to issue certificates:
cA=True keyUsage=keyCertSign
cA=True RFC=5280
Untrusted SSL Certificates options: (select 3)
Allow
Block
Ignore
Log only
Default
Quarantine
ignore untrusted certificates is only available if Multiple Clients Connecting to Multiple _ Servers is selected
CSR
Certificate signing request
Certificate security request
A. True
B. False
A. The CSR is signed by the FortiGate’s private key.
B. The CA inherently trusts all FortiGates.
