Verify Private Key Blocking

Confirm that private keys are blocked and cannot be exported.
You can verify whether a private key is blocked from export in several ways.
  • Check the Key column in Device > Certificate Management > Certificates, then Device Certificates.
    In this example, the forward-trust-certificate is blocked:
  • When you attempt to export a certificate whose private key is blocked from export, the Export Private Key checkbox is not available, so you can’t export the key; you can export only the certificate.
  • Use the following operational CLI command to list all certificates on the device or in a particular Vsys that have private keys blocked from export:
    admin@pa-220> request certificate show-blocked <shared | vsys>
  • Use the following operational CLI command to check whether a particular certificate’s private key is blocked from export:
    admin@pa-220> request certificate is-blocked certificate-name <name>
    If the certificate is blocked from export, the command returns yes; if the certificate is not blocked, the command returns no.