Generate a Private Key and Block It

Secure private keys that you generate on PAN-OS devices by blocking key export.
Block the export of a private key to prevent its misuse after generating a certificate.
  1. Select
    Certificate Management
    Device Certificates
    If there is more than one virtual system, select a
    for the certificate.
  2. Generate
    the certificate.
  3. Select
    Block Private Key Export
    to prevent anyone from exporting the certificate.
    See Generate a Certificate for information about the other certificate fields.
  4. Click
    to generate the new certificate.
    You can also generate a certificate and block its private key from export using the operational CLI command:
    admin@pa-220> request certificate generate block-private-keys yes
    The preceding CLI command can also include the certificate and other parameters that are not shown.

Recommended For You