60

I am stuck with a problem. I installed the p12 certificates once onto a MacBook Pro and then deleted them; now, when I try to install them again, Keychain is simply not accepting the certificate for some strange reason.

After some googling, I hit upon this link: http://www.openradar.me/7092640

Which clearly says that there is a bug with Keychain and states a workaround too. But unfortunately I do not have the .pem file, since I did not make a backup of it, thinking that the p12 file is sufficient (which it actually is, if not for this bug!). So how do I get the .pem file so that I can install the certificates back onto the same laptop using this workaround?

Thanks for any suggestions / ideas. Raj

Raj Pawan Gumdal
  • 5
    http://www.openradar.me/7092640 worked for me. "security import priv_key.p12 -k ~/Library/Keychains/login.keychain" and "security import pub_key.pem -k ~/Library/Keychains/login.keychain" – Tod Cunningham Mar 08 '13 at 15:55

5 Answers

105

Quoting http://www.openradar.me/7092640:

You can use the 'security' command line tool:

security import priv_key.p12 -k ~/Library/Keychains/login.keychain

security import pub_key.pem -k ~/Library/Keychains/login.keychain

https://stackoverflow.com/a/16847082/14731 contains a similar answer.

Community
Gili
  • 4
    The Keychain UI failed to import my .pem file, but this command worked and the imported cert+key show up in Keychain. – lionello Feb 23 '14 at 11:37
  • The keychain UI gave me an Error -29254 which doesn't actually show up in a google search. Hopefully this will fix that problem. This worked, and afterwards, the UI worked. – boatcoder Aug 31 '19 at 03:16
  • This worked for me. I updated macOS and my keychain folder denied my permission. – Tim Nov 25 '19 at 03:38
  • Had to use 'sudo' to import to System keychain for bamboo, but it worked, thanks – Alex K Apr 16 '20 at 08:12
  • 4
    That gives error: `security: SecKeychainItemImport: Unknown format in import.` – Sazzad Hissain Khan May 04 '21 at 07:01
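
The question asks how to obtain the missing .pem. As an added example (not from the original answers), this sketch extracts the certificate from the .p12 with openssl and then runs the two `security import` commands quoted above. The function names, file names and the `P12_PASS` / `P12_LEGACY` variables are assumptions for illustration.

```shell
#!/bin/sh
# Added example: recover the certificate PEM from a .p12, then import the
# pair with the `security` commands quoted in the answer above.

# Extract only the certificate from a PKCS#12 bundle.
#  -nokeys  : the private key stays inside the .p12 and is never written
#             to disk unencrypted.
#  P12_PASS : if exported, the password is read from the environment instead
#             of argv (argv is visible in `ps`); otherwise openssl prompts.
#  P12_LEGACY=1 : assumption for OpenSSL 3.x, which needs -legacy to read
#             bundles encrypted with older algorithms such as RC2-40.
p12_to_cert_pem() {
    p12=$1; out=$2
    [ -r "$p12" ] || { echo "cannot read $p12" >&2; return 1; }
    set -- -in "$p12" -clcerts -nokeys -out "$out"
    if [ -n "${P12_PASS+x}" ]; then set -- "$@" -passin env:P12_PASS; fi
    if [ -n "${P12_LEGACY:-}" ]; then set -- -legacy "$@"; fi
    openssl pkcs12 "$@" || { rm -f "$out"; return 1; }
    # Sanity check: the output must parse as an X.509 certificate, which
    # catches a wrong file before `security` reports "Unknown format".
    openssl x509 -in "$out" -noout || { rm -f "$out"; return 1; }
}

# Import the key bundle and the certificate into a keychain (macOS only).
# The default keychain path is the one used in the answer above.
import_pair() {
    p12=$1; pem=$2
    kc=${3:-"$HOME/Library/Keychains/login.keychain"}
    command -v security >/dev/null 2>&1 ||
        { echo "security tool not found (not macOS?)" >&2; return 2; }
    security import "$p12" -k "$kc" && security import "$pem" -k "$kc"
}

# Usage (placeholder file names):
#   p12_to_cert_pem priv_key.p12 pub_key.pem && import_pair priv_key.p12 pub_key.pem
```
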
17

  1. Open Keychain Access.
  2. On the Keychains panel, right-click on login. Select Lock Keychain "login".
  3. Then unlock it. Then the import should work.

Mr. G
10

When you request a certificate, your Mac creates a public/private pair that will be used to download the certificate from Apple. This is why you can't download the resulting certificate from another Mac that doesn't have the original pair.

If you deleted the original pair, you have to re-import it first. If you don't have both halves of the pair, you may have to request a new certificate from scratch.

If you have the originals and it won't import them to the login keychain, you might try creating a new keychain to use in the account with the "KeyChain Access" utility. If it imports the information, the Mac should be able to find it as long as you leave the new keychain open.

Walt Sellers
1

Go to Keychain. Select the Login option, then select the My Certificates option. If you had earlier expired certificates for the same client, delete them. Then try again to save the latest certificates in the keychain. This worked for me.

Pratima
0

None of the posted solutions until now worked for me but the below one,

  1. Open Keychain -> login -> Certificates

  2. See if any of the certificates related to Apple (i.e. developer id certification authority, apple worldwide developer relations certification authority etc.) is expired. If so, download the certificates from the Apple site (Google yourself)

  3. See if any of the certificates related to Apple is not verified/trusted. If so, make it trusted by the system using the steps below (4~7),

    1. Right-click the certificate
    2. Click the Get Info option
    3. Set Trust -> Always Trust
    4. Close and give the system password when asked
  4. Now force close the Keychain app and try installing certificates again. This time it works!

Sazzad Hissain Khan