Generate a Private Key and Block It
Focus
Focus

Generate a Private Key and Block It

Table of Contents

Generate a Private Key and Block It

Secure private keys that you generate on PAN-OS devices by blocking key export.
Block the export of a private key to prevent its misuse after generating a certificate.
  1. Select DeviceCertificate ManagementCertificates, then Device Certificates.
    If there is more than one virtual system, select a Location or Shared for the certificate.
  2. Generate the certificate.
  3. Select Block Private Key Export to prevent anyone from exporting the certificate.
    See Generate a Certificate for information about the other certificate fields.
  4. Click Generate to generate the new certificate.
    You can also generate a certificate and block its private key from export using the operational CLI command:
    admin@pa-220> request certificate generate block-private-keys yes
    The preceding CLI command can also include the certificate and other parameters that are not shown.