19

I am attempting to import a .pfx certificate on a MacBookPro with 10.10. As I import the cert I am prompted to enter a password for the cert. I created the cert and I know there is no password. I cannot leave the password field blank as it results in an "Sorry, you entered an invalid password." error. Is there a way to import a .pfx certificate that is not encypted with a password?

Nate Hancock
  • 191
  • 1
  • 4
  • I guess that your pfx file is in fact using a "carriage return" as a password, which is wrongly interpreted by Keychain. I would upate the password of your PFX file – Jofre May 04 '16 at 18:08
  • Try importing your cetrificate on windows or converting it to .cer certificate. – Jehy May 10 '16 at 09:33
  • Also, if you tried GUI, try using command line now: http://stackoverflow.com/questions/23410890/add-import-certificate-with-password-via-command-line-mac-os-x – Jehy May 10 '16 at 12:03
  • did you find a way to import pfx without password? Facing the same situation here. – benzhang Mar 30 '17 at 17:32

2 Answers2

7

Assuming you don't need to import the private key, you can extract the certificate from the pfx file on a machine with openssl installed using the command below.

openssl pkcs12 -in [inputFile.pfx] -nokeys -out [outputFile.cer]

If you need to import the private key to OSX, or don't have a machine with openssl, you could try importing the pfx in Windows & exporting either just the cert to a cer file or the cert & key to a new pfx with a password.

I'm not sure how you wound up with a pfx that has no password in the first place, because they contain the associated private key a password is typically required.

Steve
  • 355
  • 4
  • 15
  • This helped me so I can attempt to add cer file. Unfortunatelly my cer has exppired (but still valid for my vpn provider) and it looks like I can't add it to the keychain. Any idea how to do that? – Amorphous Nov 09 '16 at 23:06
  • it looks like a p12 without a password can be imported into the System keychain but a user keychain requires a password on the p12. – J'e Oct 07 '19 at 15:10
0

Add a password and save to a new file.

openssl pkcs12 -in InFile.pfx -password pass:"" -passin pass:"" -passout pass:"InsertPasswordHere" -out "OutFile.pfx"

Then just double click the new file, and enter the password that you put in the command.

starball
  • 20,030
  • 7
  • 43
  • 238
Benjamin McGuire
  • 11
  • 1