Importing certificate with private key gives error "block-private-key unexpected here"

Importing certificate with private key gives error "block-private-key unexpected here"

10955
Created On 05/13/22 17:12 PM - Last Modified 04/24/24 17:55 PM


Symptom


  • Getting upload error as upload-> private-key-block-private-key unexpected here, upload -> private key is unexpected
  • Customer trying to import certificate with private key into the firewall by context switching through Panorama. image.png

Environment


  • Panorama running PAN-OS 10.x
  • Palo Alto Firewall running PAN-OS 9.x
  • Using Context Switching to log into the Firewall through Panorama. 

Cause


  • Starting PAN-OS 10.x a new feature Block Private Key Export is introduced.
  • When Panorama on PAN-OS 10.x context switches to firewall on PAN-OS 9.x or 8.x, it causes discrepancies in the certificate import of private key, since the firewall is missing the new functionality.

Resolution


  1. Login directly to the firewall and upload the certificate (No context switching through Panorama).
  2. Upload the certificate with private key into the Panorama and then push it to the firewall(s).
  3. Upgrade firewall to 10.x to use context switching through Panorama. 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000CpaUCAS&lang=en_US%E2%80%A9&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language