Verify Private Key Blocking

Confirm that private keys are blocked and cannot be exported.
You can verify whether a private key is blocked from export in several ways.
  • Check the Key column in Device > Certificate Management > Certificates > Device Certificates.
    In this example, the forward-trust-certificate is blocked:
    (Screenshot: verify-private-key-block-key-columns-v2.png)
  • When you attempt to export a certificate whose private key is blocked from export, the Export Private Key checkbox is not available. You can export only the certificate, not the key.
  • Use the following operational CLI command to list all certificates on the device or in a particular Vsys that have private keys blocked from export:
    request certificate show-blocked <shared | vsys>
  • Use the following operational CLI command to check whether a particular certificate’s private key is blocked from export:
    request certificate is-blocked certificate-name <name>
    If the certificate is blocked from export, the command returns yes; if the certificate is not blocked, the command returns no.
