CompTIA Security+ Exam: Installing X.509 Certificates on Multiple Servers

How to Install X.509 Certificates on Three Servers


Question

A security engineer must install the same X.509 certificate on three different servers.

The client application that connects to the server performs a check to ensure the certificate matches the host name.

Which of the following should the security engineer use?

Answers

Explanations


A. B. C. D.

D.

SAN = Subject Alternative Names.

To install the same X.509 certificate on three different servers and still let the client application validate the certificate against each hostname, the security engineer should use a certificate utilizing the SAN (Subject Alternative Names) file.

SAN is an extension to the X.509 certificate standard that allows multiple hostnames to be included in a single certificate. When a client application connects to a server, it checks that the hostname it is trying to reach matches a hostname on the certificate. Because a SAN certificate can list several hostnames, the same certificate can be used on different servers with different hostnames.

Option A, a wildcard certificate, is not the best solution in this scenario. While a wildcard certificate can be used for multiple subdomains of one domain, it cannot be used for hostnames in different domains. For example, a wildcard certificate for *.example.com can be used for www.example.com, mail.example.com, and any other subdomains of example.com, but it cannot be used for a completely different domain like www.example.net.

Option B, an extended validation certificate (EV certificate), provides additional validation steps beyond a standard X.509 certificate. However, it does not address the issue of having the same certificate installed on multiple servers with different hostnames.

Option C, certificate chaining, refers to the process of using multiple certificates in a chain of trust to validate a certificate. It is not directly related to the issue of installing the same certificate on multiple servers with different hostnames.

Therefore, the best option is to use a certificate utilizing the SAN file, which allows for multiple hostnames to be included in a single certificate and can be used for different servers with different hostnames.
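The hostname check that the client performs, and the difference between a SAN certificate and a wildcard certificate for three servers, can be sketched as follows. This is an added example, not part of the original question: the function names are hypothetical, the server list is constructed from the hostnames used above, and the matcher is a simplified version of the usual DNS-name rules (no IP-address SANs, no internationalized names, no partial wildcards).

```python
# Added example: simplified client-side hostname check against the dNSName
# entries of a certificate's SAN extension. All data below is constructed.

def san_entry_matches(entry: str, hostname: str) -> bool:
    """Return True if one SAN dNSName entry covers the hostname."""
    pat = entry.lower().rstrip(".").split(".")
    host = hostname.lower().rstrip(".").split(".")
    # Same number of labels is required: a wildcard stands for exactly one label.
    if len(pat) != len(host) or "" in host:
        return False
    # A wildcard is only accepted as the complete left-most label.
    if any("*" in label for label in pat[1:]):
        return False
    if pat[0] == "*":
        # Refuse overly broad patterns such as "*.com".
        return len(pat) >= 3 and pat[1:] == host[1:]
    if "*" in pat[0]:
        return False  # partial wildcards (w*.example.com) are rejected here
    return pat == host


def cert_matches_host(san_dns_names: list[str], hostname: str) -> bool:
    """The client accepts the certificate if any SAN entry matches."""
    return any(san_entry_matches(e, hostname) for e in san_dns_names)


def coverage(san_dns_names: list[str], servers: list[str]) -> dict[str, bool]:
    """Which of the servers would pass the client's hostname check?"""
    return {s: cert_matches_host(san_dns_names, s) for s in servers}


# Constructed scenario: three servers, two candidate certificates.
SERVERS = ["www.example.com", "mail.example.com", "www.example.net"]
SAN_CERT = ["www.example.com", "mail.example.com", "www.example.net"]
WILDCARD_CERT = ["*.example.com"]

if __name__ == "__main__":
    for name, cert in (("SAN", SAN_CERT), ("wildcard", WILDCARD_CERT)):
        print(f"{name:9s}", coverage(cert, SERVERS))
```

Production clients should rely on their TLS library's built-in hostname verification; the sketch only makes the matching rule visible.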