Which statement about generating a certificate signing request (CSR) for a CER certificate is true?
A.
Inaccurate or missing fields in the CSR will prevent the CA from validating the request, leading to the rejection of the certificate and possible delays in the deployment process.
B.
If key fields like the common name (CN) and organization (O) are incorrect, the certification authority (CA) will still issue the certificate, but it may not be trusted by certain applications or systems that rely on accurate field information for validation.
C.
CSR fields are primarily used for internal recordkeeping by the requesting organization, and only the public key in the CSR must be accurate for successful certificate signing.
D.
The fields in the CSR are primarily for documentation purposes; any missing or incorrect information will be automatically corrected by the CA during the signing process.
The FortiOS documentation explicitly states that a CSR used for certificate signing must contain accurate and valid fields, especially:
Common Name (CN)
Organization (O)
Country (C)
Public key parameters
According to the FortiGate certificate section:
Incorrect CSR field information can cause the CA to reject the request.
Reasons include:
The CA validates identity and organizational information.
Missing or malformed data invalidates PKI requirements.
The CSR is not corrected automatically by the CA.
Therefore:
✔A is correct.
Options B–D contradict PKI principles:
B is false: CAs do not issue certificates with mismatched identity fields for public trust.
C is false: CSR fields are not only for internal use; they define certificate identity.
D is false: CAs do not auto-correct CSR fields.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit