All Questions
Tagged with certificate keychain
105 questions
1
vote
0
answers
250
views
pkcs12 file exported with no password doesn't gets imported in macOS Sequoia 15.0 (24A335)
I exported the pkcs12 file which contains the Apple Distribution Certificate with the Private Key on macOS Sonoma 14 with no password.
I was able to import the same on different macOS Sonoma 14 ...
- 111
1
vote
1
answer
49
views
Deleting multiple keychains from Keychain Access
On macOS 10.14.6 Xcode 11.3.1 has been busy creating keychains (and keys, and certificates) in an endless loop while trying to "Automatically Manage Signing". It creates keys in new ...
- 2,166
0
votes
0
answers
147
views
Can't add a certificate to iCloud keychain
I generated a certificate with developer.apple.com for publishing my app in Apple App Store and downloaded .cer file. Doubly clicked on .cer file, selected "System" at the bottom-right ...
- 157
0
votes
1
answer
52
views
Cannot find duplicate root CA for development Safari claims to have
I use three Macs for development of a web application. On each of the Macs (macOS 14.4) I used mkcert to install a local CA and to issue developer certificates (all separately). Accessing the web app ...
- 187
0
votes
1
answer
43
views
Granular control over certificate trust settings
TL;DR I'm looking for a way to granularly control whether MacOS trusts a certificate for each individual purpose specified in the Basic Constraints (2.5.29.19), Key Usage (2.5.29.15), and Extended Key ...
- 193
1
vote
1
answer
221
views
How to sign an application bundle with the same display name as the installer package?
I can sign a bundle with "Mac Developer" identity which is connected to my Apple account user name (ie a "person").
I can sign the package (.pkg) that contains the bundle with a &...
- 113
1
vote
2
answers
175
views
How to stop keychain / Safari from storing identity preferences?
I have several digital certificates installed in my computer running macOS and stored on my keychain. Certain websites (normally from Spanish government) require user identification through these ...
- 115
7
votes
2
answers
11k
views
Mac: Import .p12 certificate into the Keychain via command line
I'm trying to import .p12 certificate into the keychain on my Mac via bash script. So far, I've been trying:
sudo security import command.
It returns that import was successful but, in fact, it ...
- 171
0
votes
1
answer
1k
views
Apple mail can't verify certificate
I have set up a local mail server on our NAS to backup mails.
For some time now Apple Mail can't verify the certificate.
I found this Apple help post: https://support.apple.com/guide/mail/trust-a-...
- 251
2
votes
0
answers
2k
views
Codesign: The specified item could not be found in the keychain
I am trying to codesign one VST plugin in Terminal. I added a self-signed certificate to the login keychain. I try to codesign using the following command:
sudo codesign --force --deep --sign Ozone\ 9\...
- 121
2
votes
1
answer
584
views
iOS distribution certificates expiring for two apps from same team: Do I need to take separate actions?
I have two apps both associated with the same development team, and I've gotten notifications for both of them that Your iOS Distribution Certificate will no longer be valid in 30 days. I got these ...
- 481
0
votes
0
answers
1k
views
Cannot delete duplicate certificate
I have a duplicate certificate in my keychain which I cannot seem to be able to delete. If I delete it from the keychain app by first unlocking the system keychain and then right clicking and ...
- 822
0
votes
2
answers
5k
views
Many sites are displaying SSL Certificate invalid but their date is in the future and the computer's clock is fine
I reinstalled an old 2015 Apple computer today, and I ran into a few issues.
During system install, it failed because of some SSL issues, and I had to change the system's clock to prior 2017 for the ...
- 139
1
vote
0
answers
276
views
Export x509 Certificate from iPad
Question: Is there a way to export a public certificate from an iPad running the latest iOS? (PEM formatted Base64 if possible)
Scenario:
AirWatch manages our iPads.
There is a profile configured to ...
- 111
0
votes
2
answers
2k
views
Install a package with an expired certificate
I just noticed I can double-clik, open and install a .pkg package installer that has an expired certificate without any popup like "This package is from an developer whose certificate has expired&...
- 183
1
vote
1
answer
559
views
macOS - How do I change cert trust state from command line?
My workflow involves changing a cert installed in the system's trust states between 'Use Custom Settings' and 'Never Trust' (see the Keychain Access screenshot below).
How do I do this from command ...
- 1,862
0
votes
0
answers
168
views
There is an unknown developer's iPhone Distribution certificate in my keychain. Where does it come from?
I'm an iOS developer, and today I noticed that in my project's build settings, Xcode suggests a Code Signing Identity that I have never seen before. Turns out there is an iPhone Distribution ...
- 141
0
votes
2
answers
991
views
Is importing just the CA certificate to Keychain Access enough for trusting certs issued with that CA?
I've created a PKI with easy-rsa. I create keys for websites and sign them with my CA certificate. I imported the CA certificate into Keychain Access, clicked the cert name, and specified "...
2
votes
2
answers
6k
views
How to delete Self-Signed certificate from System Keychain (Big Sur)
I just can't find a way to delete the Self-Signed Root CA from Keychain under System.
When I open KeyChain I select System under System Keychains. Then I click on the File in menu and then click on ...
- 131
7
votes
1
answer
2k
views
Can I disable the certificate pinning checks on MacOS to relax proxy inspection detection?
I'm behind a proxy and some websites don't work, in particular ones related to MacOS update, app store etc. I imported the proxy certificate to the MacOS keychain.
When I go to https://apps.apple.com ...
- 71
1
vote
0
answers
66
views
macOS 11.6 "DST Root CA X3" certificate warnings
System: macOS 11.6.1
For an internal domain with Let's Encrypt, I am still getting outdated certificate warnings on Safari and Chrome. Firefox with its own store is fine.
I checked Keychain Access and ...
- 141
11
votes
1
answer
6k
views
App / curl still getting certificate expired error due to expired Let's Encrypt certificate
An open source app running on my macOS 10.13.6 and 10.14.6 system is failing to access a website via https that uses a Let's Encrypt certificate. If I use curl to access the same site, it also gets an ...
- 2,760
9
votes
2
answers
10k
views
iOS marked a certificate as "Expired" even though the certificate is still active and issued by a trusted authority
I am having a strange issue I cannot find the cause of: I have a website certificate issued on 31.07.2021 by letsencrypt.org and valid until 29.11.2021, however on my main iPhone (iOS 15) I get this ...
- 191
1
vote
2
answers
934
views
How to install an Automator action from unidentified developer?
I downloaded an APN certificate from Certificates, Identifiers & Profiles from the Apple Developer configuration pane. It's an .action file that I cannot open, though.
Do you want to install the &...
- 343
40
votes
8
answers
55k
views
How do I update my root certificates on an older version of Mac OS (e.g. El Capitan)?
I have difficulty reaching various secure web sites. They give me a certificate expired error. They work on Firefox but not Safari or Chrome. They also work on newer versions of macOS (e.g. Catalina, ...
- 1,201
0
votes
1
answer
140
views
Behaviour of development certificate in apple developer portal and keychain
This is a question regarding Apple Development Certificates. There are two parts:
Part 1: create and download certificates on apple developer portal.
Background:
I can download my teammates ...
- 103
2
votes
1
answer
3k
views
Big Sur Add trusted certificate via command line (Safari Can't establish a secure connection)
I am trying to have Safari stop preventing me from visiting one of my dev machines with an invalid cert.
I am trying to use the solution in this thread but install it using the CLI:
security add-...
1
vote
2
answers
620
views
Invalid certificate for a specific website
When trying to navigate to a specific website (amazon.com in my case) I always get the "NET::ERR_CERT_COMMON_NAME_INVALID" error in Chrome (and equivalent errors in Safari/other browsers). ...
- 143
5
votes
2
answers
13k
views
What is the macOS equivalent of Windows certificate store names?
On Windows, when retrieving information about certificates, they come from named certificate stores, such as "Trusted Root Certification Authorities" or "Trusted Publishers" - what ...
- 200
5
votes
0
answers
1k
views
Who creates /etc/ssl/cert.pem in MacOs
While using curl in verbose mode, I noticed the following line in the output:
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
*
I googled and found out that etc/ssl/...
- 151
2
votes
0
answers
809
views
Load .pem certificate to Apple KeyChain
When I drag my .pem certificate to the Apple Keychain it shows me "An error occurred. The content of this file cannot be recovered". Also I tried to double-click the .pem file but show me ...
- 21
0
votes
0
answers
164
views
Root CA certificate invalid on Mac
I have a root certificate authority file that works on Windows computers, but it is not accepted on Macs since macOS Catalina.
The file was imported into Keychain and marked as trusted in its ...
- 481
1
vote
2
answers
2k
views
Client certificate authentication fails with iOS 13.4.1 (works with 13.2.2)
I've previously posted this question and since then further investigated the issue.
The problem seems to be the latest iOS (13.4.1), which fails to send the client certificate upon authentication ...
- 11
3
votes
0
answers
884
views
"Safari can't establish a secure connection" and OmniFocus sync is broken
Symptoms
macOS 10.14.6, Safari 13.1, all updates applied.
Safari refuses to connect to some websites.
Safari Can't Open the Page [...] because Safari can't establish a secure connection to the ...
- 418
1
vote
1
answer
194
views
Creating SHA-2 certificate using keychain assistant
I am trying to enable https on my localhost (for testing). Using Keychain Assistant, I have created both a self-signed CA and a certificate issued by that same CA. I have enabled trust on the CA in ...
- 121
4
votes
3
answers
1k
views
Checking Certificates Meet Apple Requirements
is there a command or UI I can use to test certificates or diagnose why they aren't valid?
A while back Apple changed the requirements for TLS certificates, and announced dates from when those ...
- 684
0
votes
1
answer
3k
views
cannot sign iOS app in XCode - in a catch 22
I have built then Archived my iOS app now need to submit to Validate and push to app store
xcode says this on main page when checkmark off Automatic signing ... so do manual sign
then picked ...
- 301
2
votes
1
answer
531
views
Why are these corporate certificates pre-installed and is it safe to delete/"Never Trust" most/all of them?
I was going through this macOS Security and Privacy Guide repo, step by step, and found some good privacy tips. However, when I arrived at the Certificate Authorities section I got a little confused. ...
- 123
2
votes
1
answer
5k
views
How to convert a .cer file to .p12 without the keychain password?
I have to "codesign" a distribution certificate inside a .ipa file to deploy an in-house application for a company.
I have access to their developer account. The new provisioning profile had been ...
- 123
4
votes
2
answers
4k
views
How to see certificate for intermediate CA in Keychain?
When I check details of a certificate I only see information about the certificate itself. Is there any way to see the issuer’s certificate? In my case it’s an intermediate CA. The certificate that I ...
- 643
1
vote
2
answers
5k
views
How do you clear SSL leaf certificates mappings to particular domains
I visit my website using Chrome on macOS Mojave, for example, qa.abc.com, and the SSL leaf certificate is from customer-test.ssl.fastly.net. I recently updated the CNAME record in my DNS for qa.abc....
- 131
7
votes
2
answers
2k
views
Strange looking certificate in macOS Keychain
I need help with a strange looking certificate which has appeared in the Keychain of my Mac.
The name of the certificate is "A9936B80-41C7-4D34-8020-59C3E40A31A8 A98369B2-0C8C-4CF8-9921-015C5D9A4C86"....
user331752
0
votes
0
answers
121
views
How to mass-deploy a root certificate in a corporate environment
Our Windows administrator deploys a root CA certificate to all the machines through Group Policies, which works very well in a corporate setting. Is there something similar to this we can use for our ...
- 643
3
votes
0
answers
1k
views
Trust SSL certificate via terminal in MacOS
I'm trying to setup WPA2 with EAP-TLS authentication using certificates in pfx format.
As adding the certificate to the keychain and changing the Trust settings can be difficult for some users, I ...
- 41
1
vote
2
answers
2k
views
How to create an identity who can be used for signing code from custom certificate?
I want to codesign one of my applications by using my own certificate (not created with Keychain Access).
First, I create a v3.ext file:
keyUsage = digitalSignature
Then, I created my certificate ...
- 143
5
votes
1
answer
547
views
How to create /etc/certificates/*.{cert,chain,concat,key}.pem files without reboot?
I am trying to move from Comodo to Let's Encrypt certificates on OS X Server (10.7).
Something in Apple's server.app and ServerAdmin.app is broken. I can see and select newly imported certificates in ...
- 4,006
1
vote
0
answers
114
views
Which keychain holds user trusted certificates?
I tried to do a clean install of my El Capitan MacBook but realised that much of my keychain migrated over. When I went into keychain access it showed a number of different keychains. I reset the "...
- 477
3
votes
0
answers
959
views
Cannot export System.keychain Certificate from with private key as p12 via Terminal security export command
I have a machine certificate installed in system.keychain and want to export certificate with privet key via security export command.
But getting error :security: SecKeychainItemExport: User ...
- 41
2
votes
1
answer
2k
views
Problem loading images from googleusercontent
Recently switched from Chrome to Firefox Quantum and noticed that images from *.googleusercontent.com aren't loading because "The connection used to fetch the resource was not secure"
If I attempt to ...
- 135
8
votes
2
answers
18k
views
Apple Mail warning: Unable to verify message signature
After upgrading from Sierra to Mojave (macOS 10.14), Apple mail started to display the warning Unable to verify message signature above all signed and encrypted emails. When clicking on Details, it ...
- 2,050