The private key is securely stored on the device and cannot be exported as a separate file. If the certificate must be used on other devices, Pulse Secure recommends to generate the keys using a third party tool, then import them manually to the PCS / PPS device. It is also strongly recommended to ensure the private key is protected by a strong password and stored in a secure location.
When a certificate signing request (CSR) is generated on the PCS / PPS device, the private key is created and stored on the device. Once this has occurred, the private key is securely stored on the device and can only be exported as part of the system configuration. When the system configuration is exported, this data is encrypted by the software to ensure the data is secure.