"Resolving Trust Error in Wireless Networks - Exam SY0-601 Answer"

"Solution for Trust Error in Wireless Networks"

Prev Question Next Question

Question

A company has two wireless networks utilizing captive portals.

Some employees report getting a trust error in their browsers when connecting to one of the networks.

Both captive portals are using the same server certificate for authentication, but the analyst notices the following differences between the two certificate details: Certificate 1 - Certificate Path: Geotrust Global CA - *company.com Certificate 2 - Certificate Path: *company.com Which of the following would resolve the problem?

Answers

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

B.

The issue in this scenario is that some employees are receiving trust errors in their browsers when connecting to one of the wireless networks that utilizes a captive portal.

Both captive portals use the same server certificate for authentication. However, the analyst notices that there are differences in the certificate details. Certificate 1 uses a certificate path of "Geotrust Global CA - *company.com", while Certificate 2 uses a certificate path of "*company.com".

The difference in the certificate path can cause the trust error because some browsers may not trust the certificate path used by Certificate 1.

To resolve this issue, the company should use a wildcard certificate, as this would cover all subdomains under *company.com. This would allow both captive portals to use the same certificate path, thus eliminating the trust error.

Certificate chaining could also be a possible solution, as it involves using multiple certificates to establish trust. However, this would require additional configuration and management, which may not be necessary in this scenario.

Using a trust model or an extended validation certificate would not resolve this specific issue. A trust model refers to a framework for establishing trust between entities, while an extended validation certificate provides additional validation of the certificate owner's identity, but does not address the certificate path issue.