A systems administrator is helping to secure a new web application.

The correct answer is A. The certificate was not signed by a trusted authority, which was forcefully ignored during the tests. The key indicator in the output is the message: “SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.” This error means that the client system cannot validate the certificate chain because it does not recognize or trust the certificate authority (CA) that issued the server certificate.

In TLS/SSL validation, the client must verify that the server’s certificate chains up to a trusted root CA present in the local trust store. If the issuer (in this case, ca1.comptia.org) is not included in the client’s trusted certificate authorities, the verification fails. However, the phrase “continuing anyway” indicates that the validation failure was bypassed—likely due to a testing flag such as -k or --insecure in curl—allowing the connection despite the trust issue.

Option B is incorrect because the certificate validity dates show it is valid from 2024 to 2034, not expired.

Option C is incorrect because wildcard certificates (e.g., *.newapp.comptia.org) are commonly used and not inherently insecure when properly managed.

Option D is incorrect because the cipher suite shown (ECDHE-RSA-AES256-GCM-SHA384) is considered strong and modern, not outdated.

From a Linux+ security perspective, proper certificate validation is critical. Administrators should ensure that the issuing CA is trusted by installing the correct CA certificates rather than bypassing validation, which exposes systems to man-in-the-middle attacks and other security risks.