A company wants to ensure that the validity of publicly trusted certificates used by its web server can be
determined even during an extended internet outage. Which of the following should be implemented?
4 Comments on “Which of the following should be implemented?”
How can this be answer B?
Question states during an internet outage.
Answer has to be C: CRL
I could be wrong but you would need to download the CRL, but you won’t be able to do so if the AC is offline. OCSP on the other hand, OCSP stabling eliminates the need for a browser to request the OCSP response directly from the CA.
I believe the provided answer is correct.
OSCP generally makes use of HTTP or HTTPS for transport. So in case of an Internet outage, you cannot use it.
After thinking about it and reading the question again, it says “Publicly trusted certificates” and to get those certificates you would have to download then into your CRL which is accessible while there is no internet. So technically yes it would be from the OCSP.