Generate a Private Key and Block It

Secure private keys that you generate on PAN-OS devices by blocking key export.
Block the export of a private key to prevent its misuse after generating a certificate.
  1. Select
    Device
    Certificate Management
    Certificates
    Device Certificates
    .
    If there is more than one virtual system, select a
    Location
    or
    Shared
    for the certificate.
  2. Generate
    the certificate.
  3. Select
    Block Private Key Export
    to prevent anyone from exporting the certificate.
    See Generate a Certificate for information about the other certificate fields.
    generate-cert-and-block-private-key.png
  4. Click
    Generate
    to generate the new certificate.
    You can also generate a certificate and block its private key from export using the operational CLI command:
    request certificate generate block-private-keys yes
    The preceding CLI command can also include the certificate and other parameters that are not shown.

Recommended For You