Storing TLS Private Keys in Encrypted Format
By default, the device stores all TLS private keys encrypted. This enhances security, particularly in container-based deployments where host disk files may be accessible to users.
To enable or disable this feature, use the following parameter:
■ CLI: configure network > security-settings > encrypt-private-key-files
■ Ini File: [EncryptPrivateKeyFiles]
● For new device installations of Version 7.6.100 and later, private TLS keys are stored on disk in encrypted format. For devices that are upgraded from an earlier version, the feature is disabled by default.
● If you enable the feature and then downgrade to an earlier version, the TLS keys are deleted. To prevent this, disable the feature prior to downgrading.