Examice

Exam 1z0-997-22 All QuestionsBrowse all questions from this exam

Question 50

You are a principal cloud consultant at a retail firm. You are tasked with importing a certificate issued by a third-party certificate authority (CA) using the Oracle Cloud Infrastructure (OCI) Certificates service. While performing the import, you upload the Certificate, Certificate Chain, and Private Key under Certificate Configuration. However, you receive the following error message:

“The certificate chain in the configuration details of the certificate is invalid”

Which two certificate settings can help resolve this error? (Choose two.)

In the basic constraints extension, if the path length is specified, the number of intermediate certificates in the certificate chain hierarchy should exceed it.

Confirm that the certificate chain includes all CA certificates up to and including the root certificate.

Ensure that the certificate’s common name is non-null.

If the key usage extension is present, it should not include KEY_CERT_SIGN.

In the basic constraints extension, set isCA parameter to false.

Correct Answer: B, C

To resolve the error regarding an invalid certificate chain, first ensure that the certificate chain includes all CA certificates up to and including the root certificate, as this is critical to creating a valid chain. Additionally, verify that the certificate’s common name is non-null, as a null common name can cause issues with certificate validation.

Discussion

daws08322Options: BD

B. Confirm that the certificate chain includes all CA certificates up to and including the root certificate. This is a critical requirement for a valid certificate chain. Ensure that all necessary intermediate CA certificates and the root CA certificate are included in the chain. The certificate chain should be complete. D. If the key usage extension is present, it should not include KEY_CERT_SIGN. In a typical TLS/SSL certificate chain, the key usage extension should not include the KEY_CERT_SIGN flag. This flag is typically associated with CA certificates. If it's present in an end-entity certificate, it can cause validation issues.

daws08322

correction BC The certificate's common name is non-null. In the basic constraints extension, the isCA bit is set to true. In the basic constraints extension, if the path length is specified, the number of intermediate certificates in the certificate chain hierarchy does not exceed it. If the key usage extension is present, it includes KEY_CERT_SIGN.

NotsOptions: BC

Confirm that the certificate chain includes all certificate authority (CA) certificates up to and including the root certificate. ... - The certificate's common name is non-null. ... https://docs.oracle.com/en-us/iaas/Content/certificates/invalidcertificatechain.htm