A Linux administrator is configuring a new public-facing e-commerce web server. The primary requirement is to ensure that customers' web browsers automatically trust the server's identity and that all communication is encrypted without generating security warnings. Which of the following actions should the administrator take?
Copy the server's SSH public key and configure the web server to use it for TLS.
Generate a self-signed certificate using openssl and install it on the web server.
Obtain a TLS certificate from a publicly trusted Certificate Authority (CA).
Configure the web server to use the default 'snake oil' certificate provided by the Linux distribution.
The correct action is to obtain a TLS certificate from a publicly trusted Certificate Authority (CA). Web browsers and operating systems maintain a list of trusted root CAs. When a browser connects to a server, it verifies that the server's TLS certificate is signed by a CA in its trust store, establishing a valid chain of trust. This prevents security warnings and assures users of the site's authenticity.
Generating a self-signed certificate, either manually with openssl or by using a default 'snake oil' certificate, is not appropriate for a public e-commerce site. Because these certificates are not signed by a trusted CA, browsers will display a prominent security warning, which would deter customers. SSH keys are used for securing remote administrative access (e.g., shell sessions) and are not used for securing web traffic with TLS/HTTPS; the two systems serve different purposes and are not interchangeable.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a Certificate Authority (CA) and why is it important?
Open an interactive chat with Bash
Why is a self-signed certificate insufficient for public websites?
Open an interactive chat with Bash
How does TLS/SSL encryption work to secure communication?
Open an interactive chat with Bash
CompTIA Linux+ XK0-006 (V8)
Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access