Import a Private Key for IKE Gateway and Block It

Secure private keys for IKE Gateways that you import into PAN-OS devices by blocking key export.
Block the export of a private key to prevent its misuse after generating a certificate for IKE Gateway authentication.
  1. Select
    Network
    Network Profiles
    IKE Gateways
    .
  2. Add
    a new IKE Gateway.
  3. On the
    General
    tab, for
    Authentication
    , select
    Certificate
    .
  4. For
    Local Certificate
    select
    Import
    or
    Generate
    depending on whether you want to import an existing certificate or create a certificate.
  5. Enter the certificate information. If you are importing the certificate, select
    Import Private Key
    to activate the
    Block Private Key Export
    checkbox.
  6. Select
    Block Private Key Export
    to prevent anyone from exporting the key.
    For importing a certificate, enter and confirm the
    Passphrase
    and then click
    OK
    import-ike-cert-and-block-private-key.png
    For generating a certificate, click
    Generate
    .
    generate-ike-cert-and-block-private-key.png
  7. Enter the
    Passphrase
    , confirm it, and then click
    OK
    .

Recommended For You