2

The OS seems to be incorrectly listing multiple identities, even though only one was installed.

Here are my keychains (security list-keychains)

"/Users/mateuscb/Library/Keychains/login.keychain"
"/Library/Keychains/System.keychain"

I list identities, and it comes back with zero identities.

I then import it via the following command line:

security import "~/mycert.p12" -k "/Users/mateuscb/Library/Keychains/login.keychain" -t cert -f pkcs12 -P password

When I list identities, I now get this (security find-identity):

Valid identities only
 1) 7E0B7E829EBF27EEC57CC796F948D7C2D9A91330 "Developer ID Application: The Company Inc."
 2) 7E0B7E829EBF27EEC57CC796F948D7C2D9A91330 "Developer ID Application: The Company Inc."

Even weirder, if I specify the keychain, I only get one (security find-identity login.keychain). And the System.keychain is always empty.

I've also reset my keychains (Keychain Access) multiple times.

mateuscb

1 Answer

5

As it turns out, this was caused by the private key of my certificate being left behind in the System Keychain from a previous incorrect import. I went and deleted the cert from the System Keychain thinking it deletes the private key, when in fact it doesn't.

It was actually the answer to another post that enlightened me to the notion that deleting the cert does not delete the private key, even though visually it shows the private key under it.

Community
mateuscb
  • 2
    Thank you! I had been banging my head on the desk and your answer cleared it up. So just to confirm, here's what fixed it for me... 1) re-adding the cert to system keychain 2) deleting the identity/private key underneath the cert in the system keychain 3) deleting the cert in the system keychain. – Brian Clifton Jun 13 '17 at 00:11
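
A diagnostic sketch for the symptom discussed on this page, added here as an example and not part of the original posts: it flags any SHA-1 that `security find-identity -v` lists more than once, then counts that hash in each keychain on the search list. The function names are hypothetical, and the sample listing is the one quoted in the question.

```shell
#!/bin/sh
# Sample input: the listing quoted in the question above.
SAMPLE='Valid identities only
 1) 7E0B7E829EBF27EEC57CC796F948D7C2D9A91330 "Developer ID Application: The Company Inc."
 2) 7E0B7E829EBF27EEC57CC796F948D7C2D9A91330 "Developer ID Application: The Company Inc."'

# stdin: find-identity output. Prints the 40-hex SHA-1 of every listed identity.
identity_hashes() {
    sed -n 's/^ *[0-9][0-9]*) \([0-9A-Fa-f]\{40\}\) ".*$/\1/p'
}

# stdin: find-identity output. Prints each hash that is listed more than once.
duplicate_hashes() {
    identity_hashes | sort | uniq -d
}

# stdin: `security list-keychains` output. Prints bare paths (indent and quotes stripped).
keychain_paths() {
    sed -e 's/^[[:space:]]*"//' -e 's/"[[:space:]]*$//'
}

# stdin: find-identity output. Prints how many times hash $1 is listed.
count_hash() {
    identity_hashes | grep -c -x "$1" || true   # grep -c exits 1 on a count of 0
}

# macOS only. -v prints just the valid identities, so an identity is not
# counted twice merely because the default output has two sections.
report() {
    dups=$(security find-identity -v | duplicate_hashes)
    [ -n "$dups" ] || { echo "no identity is listed twice"; return 0; }
    security list-keychains | keychain_paths | while IFS= read -r kc; do
        for h in $dups; do
            n=$(security find-identity -v "$kc" | count_hash "$h")
            echo "$h: listed $n time(s) in $kc"
        done
    done
}

# Demonstrate on the sample, then inspect the live keychains when run on macOS.
printf '%s\n' "$SAMPLE" | duplicate_hashes
if command -v security >/dev/null 2>&1; then report; fi
```

A hash that is duplicated across the search list but shows up at most once in each individual keychain matches the behaviour in the question, which the answer traced to a private key left behind in the System keychain.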