A company uses an internally based legacy PKI solution that does not adhere to the Certification Path Validation section of RFC-5280. Which configuration option needs to be enabled when creating Trusted Certificate Groups in PingAccess?
Legacy PKIs often provide certificate chains that are out of order or non-compliant with RFC-5280 path validation. PingAccess provides an option in Trusted Certificate Groups called "Validate disordered certificate chains" to allow chaining even if the order is not RFC-5280 compliant.
Exact Extract:
"Enable Validate disordered certificate chains when the certificate chain is not in RFC-5280 compliant order but should still be accepted."
Option A is incorrect; using the Java trust store is unrelated to PKI ordering.
Option B is correct; this setting allows PingAccess to process disordered certificate chains.
Option C is incorrect; date checks are unrelated to RFC-5280 path ordering.
Option D is incorrect; revocation status handling does not address legacy PKI ordering issues.