Verify Private Key Blocking
Table of Contents
Verify Private Key Blocking
Confirm that private keys are blocked and cannot be exported.
You can verify whether a private key is blocked
from export in several ways.
- Check the Key column
in .In this example, the forward-trust-certificate is blocked:
![]()
- When you attempt to export a certificate whose private key is blocked from export, the Export Private Key checkbox is not available and you can’t export the key, you can only export the certificate.
- Use the following operational CLI command to list all
certificates on the device or in a particular Vsys that have private
keys blocked from export:
admin@pa-220> request certificate show-blocked <shared | vsys> - Use the following operational CLI command to check whether
a particular certificate’s private key is blocked from export:
admin@pa-220> request certificate is-blocked certificate-name <name>If the certificate is blocked from export, the command returns yes and if the certificate is not blocked the command returns no.
