Q: 19
Per organizational requirements, an administrator has uploaded a signed SSL certificate to Prism for
Common Access Card (CAC) authentication.
Once the certificate has been uploaded successfully, the certificate appears to be valid but CAC
authentication is not functional.
What is a potential cause of this problem?
Options
Discussion
Option A makes sense here. Without a CRL, Prism can't verify if a certificate has been revoked, which breaks CAC auth even if the cert looks valid. I've seen similar issues in Nutanix docs. Pretty sure A is right, but correct me if I missed something.
A for me. Even with a valid, signed cert uploaded, Prism still needs a CRL to verify revocation status for CAC authentication. No CRL means the system can't complete the check and CAC login fails. I think that's how Nutanix handles certs, unless there's some org-specific OCSP requirement I'm missing here. Let me know if you see it differently.
I don't think it's C, since Prism needs a CRL even if the certificate is valid. A.
Pretty sure A here. Prism requires a CRL for CAC to work regardless of cert validity, so missing it breaks authentication.
Probably C, since OCSP not being enabled could mess with cert checks for CAC too.
Be respectful. No spam.
