Which of the following statements are true about the SSL Proxy certificate that must be used for SSL Content Inspection? (Choose two.)
A. It cannot be signed by a private CA
B. It must have either the field "CA=True" or the filed "Key Usage=KeyCertSign"
C. It must be installed in the FortiGate device
D. The subject filed must contain either the FQDN, or the IP address of the FortiGate device
Not sure about what certicate is related the question. If its talking about the Fortigate CA certificate or the certicate generated by Fortigate(and signed by the Fortigate CA certificate) that is send to the web browser…
In case that it is related to the CA certificate…
It couldn´t be B, because It must have the field “CA=True” AND the filed “Key Usage=KeyCertSign”
And I think that it cant be A also, as it is a self signed certificate, therefore a private CA.
So I guess the correct ones are C and D.
B,C