Refer to the exhibit
A FortiGate device is configured to authenticate SSL VPN users using digital certificates. A partial FortiGate configuration is shown in the exhibit.
Referring to the exhibit, which two statements about this configuration are true? (Choose two.)
A. The authentication will fail if the user certificate does not contain the user principal name (UPN) information.
B. The authentication will fail if the user certificate does not contain the CA_Cert string in the CA field.
C. The authentication will fail if the OCSP server is down.
D. OCSP is used to verify that the user-signed certificate has not expired.