Which approach meets the two customer requirements?

SSL Forward Proxy decryption is configured but the firewall uses Untrusted-CA to sign the website https //www important-website com certificate End-users are receiving me "security certificate is not trusted is warning Without SSL decryption the web browser shows that the website certificate is trusted and signed by a well-known certificate chain Well-Known-lntermediate and Well-Known-Root- CA.

The network security administrator who represents the customer requires the following two behaviors when SSL Forward Proxy is enabled:

1 End-users must not get the warning for the https://www.very-important-website.com website.

2 End-users should get the warning for any other untrusted website

Which approach meets the two customer requirements?

A. Navigate to Device > Certificate Management > Certificates > Device Certificates import Well-Known-lntermediate-CA and Well-Known-Root-CA select the Trusted Root CA checkbox and commit the configuration

B. Install the Well-Known-lntermediate-CA and Well-Known-Root-CA certificates on all end-user systems m the user and local computer stores

C. Navigate to Device > Certificate Management – Certificates s Default Trusted Certificate Authorities import Well-Known-intermediate-CA and Well-Known-Root-CA select the Trusted Root CA check box and commit the configuration

D. Clear the Forward Untrust Certificate check box on the Untrusted-CA certificate and commit the configuration

View Answer

Answer: C