Export Certificates and Keys
Table of Contents
Expand all | Collapse all
-
- Upgrade a Firewall to the Latest PAN-OS Version (API)
- Show and Manage GlobalProtect Users (API)
- Query a Firewall from Panorama (API)
- Upgrade PAN-OS on Multiple HA Firewalls through Panorama (API)
- Automatically Check for and Install Content Updates (API)
- Enforce Policy using External Dynamic Lists and AutoFocus Artifacts (API)
- Configure SAML 2.0 Authentication (API)
- Quarantine Compromised Devices (API)
- Manage Certificates (API)
-
- Asynchronous and Synchronous Requests to the PAN-OS XML API
- Run Operational Mode Commands (API)
- Apply User-ID Mapping and Populate Dynamic Groups (API)
- Get Version Info (API)
-
- PAN-OS REST API
- Access the PAN-OS REST API
- Resource Methods and Query Parameters (REST API)
- PAN-OS REST API Request and Response Structure
- PAN-OS REST API Error Codes
- Work With Objects (REST API)
- Create a Security Policy Rule (REST API)
- Work with Policy Rules on Panorama (REST API)
- Create a Tag (REST API)
- Configure a Security Zone (REST API)
- Configure an SD-WAN Interface (REST API)
- Create an SD-WAN Policy Pre Rule (REST API)
- Configure an Ethernet Interface (REST API)
- Update a Virtual Router (REST API)
- Work With Decryption (APIs)
Export Certificates and Keys
Use the following procedure to export certificates
and keys.
- To export certificates and keys, specify query
parameterscertificate-name,format,
andpassphrase: https://<firewall>/api/?key=apikey&type=export&category=<certificate> &certificate-name=<certificate_name> &passphrase=<passphrase> &format=<pkcs12><pem><pkcs10> &include-key=<yes><no>&vsys=<vsys> <omit this parameter to import it into a shared location>
- certificate-name—name of the certificate object on the firewall
- passphrase—required when including the certificate key
- format—certificate format:pkcs12,pem, orpkcs10
- include-key—yes or no parameter to include or exclude the key
- vsys—virtual system where the certificate object is used. Ignore this parameter if the certificate is a shared object.
You can use the example above to export a certificate signing request (CSR). If you do so, then specify the following two parameters as shown:- format—pkcs10
- include-key—no
- Confirm that the XML response includes the certificate:
-----BEGIN CERTIFICATE----- MIIDXTCCAkWgAwIBAgIJAJC1HiIAZAiIMA0GCSqGSIb3Df BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVx aWRnaXRzIFB0eSBMdGQwHhcNMTExMjMxMDg1OTQ0WhcNMT <!-- TRUNCATED --> -----END CERTIFICATE-----