Which is not a valid reason for receiving a decrypt-cert-validation error?
Which is not a valid reason for receiving a decrypt-cert-validation error?
Decrypt-cert-validation errors occur due to issues with the certificate itself, such as it being expired, having an unknown status, being issued by an untrusted issuer, or there being a status verification time-out. Unsupported HSM refers to hardware security modules, which are unrelated to the validation of a certificate's status within this context. Client authentication issues are not related to the certificate validation process and thus are not a valid reason for receiving a decrypt-cert-validation error.
Correct: A The question reads, "Which is NOT a valid reason for receiving a decrypt-cert-validation error?" Per the link "hamshoo" provided, receiving the decrypt-cert-validation error is valid for the following conditions: expired, untrusted issuer, unknown status, or status verification time-out. "Unsupported HSM" is not a valid reason for receiving a decrypt-cert-validation error.
Option 'A' Should be the answer as the question says "what is not a valid reason". HSM is not the valid reason
decrypt-cert-validation error would appear for SSL Forward Proxy. HSM is used to hold the private key for SSL Inbound Inspection, so an HSM issue is NOT a valid reason. Answer is A.
To not to trick people they should put NOT in uppercase in the question, I am not sure what is the point of trying to ask tricky questions!
@Hamshoo, yes you are right I was thinking about HSM (Hardware security module), but then read the question very carefully and it said "decrypt cert validation" which one of the options is untrusted issuer, so yes D is right!
https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/decryption/troubleshoot-and-monitor-decryption/decryption-logs/decryption-log-errors-and-error-indexes
Answer is D: https://docs.paloaltonetworks.com/pan-os/7-1/pan-os-new-features/networking-features/ssl-ssh-session-end-reasons
Correct answer is A