Verify Private Key Blocking

Confirm that private keys are blocked and cannot be exported.
You can verify whether a private key is blocked from export in several ways.
  • Check the Key column in Device > Certificate Management > Certificates > Device Certificates.
    In this example, the forward-trust-certificate is blocked:
  • When you attempt to export a certificate whose private key is blocked from export, the Export Private Key checkbox is not available. You can export only the certificate, not the key.
  • Use the following operational CLI command to list all certificates on the device or in a particular Vsys that have private keys blocked from export:
    admin@pa-220> request certificate show-blocked <shared | vsys>
  • Use the following operational CLI command to check whether a particular certificate’s private key is blocked from export:
    admin@pa-220> request certificate is-blocked certificate-name <name>
    If the certificate is blocked from export, the command returns yes; if the certificate is not blocked, the command returns no.
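
The following Python helper is an added example, not part of the original documentation. It reads a saved CLI session of the is-blocked checks above and lists every certificate whose private key was not confirmed as blocked. The transcript layout (the answer on its own line after the command), the sample certificate names other than forward-trust-certificate, and the function names are assumptions.

```python
import re

# Operational command from this page, as typed after a CLI prompt ending in ">".
CMD_RE = re.compile(r">\s*request certificate is-blocked certificate-name (\S+)$")

# Constructed sample transcript; the certificate names other than
# forward-trust-certificate and the error line are made up for illustration.
SAMPLE = """\
admin@pa-220> request certificate is-blocked certificate-name forward-trust-certificate

yes

admin@pa-220> request certificate is-blocked certificate-name constructed-web-cert

no

admin@pa-220> request certificate is-blocked certificate-name constructed-missing-cert

constructed error line: no yes/no answer was returned
admin@pa-220>
"""


def parse_is_blocked(transcript):
    """Return {name: True (blocked) | False (exportable) | None (no answer seen)}."""
    results = {}
    pending = None  # certificate whose answer we are still waiting for
    for raw in transcript.splitlines():
        line = raw.strip()
        match = CMD_RE.search(line)
        if match:
            pending = match.group(1)
            results[pending] = None  # stays None unless a yes/no line follows
        elif pending and line.lower() in ("yes", "no"):
            results[pending] = line.lower() == "yes"
            pending = None
    return results


def needs_review(results):
    """Fail closed: list every certificate not positively confirmed as blocked."""
    return sorted(name for name, blocked in results.items() if blocked is not True)


if __name__ == "__main__":
    for cert in needs_review(parse_is_blocked(SAMPLE)):
        print("private key not confirmed blocked:", cert)
```

A certificate with no yes/no answer in the transcript is reported alongside the exportable ones, so a failed or mistyped check is never read as "blocked".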
