Problem importing a PFX (SSL client certificates) file into the macOS keychain (Ventura OS version)

Hello, I have a problem importing an SSL certificate (PFX file) into the macOS Keychain after upgrading to the Ventura OS version. It complains that I'm providing an incorrect password. I'm sure I'm providing the correct password for the certificate file. I'm able to import the same certificate into the browser on Linux (an Ubuntu machine), which proves the certificate file and the password used are correct. The issue is isolated to the macOS Ventura update.

I appreciate any help.

Regards,

Piotr

MacBook Pro 14″

Posted on Jan 2, 2023 01:28 AM

Question marked as Top-ranking reply

Posted on Jan 2, 2023 08:25 PM

Try to import from Terminal instead of the GUI Keychain Access App.


security import certificate.pfx -k ~/Library/Keychains/login.keychain -P \$tup1dP@ssw0rd


The \ prior to the $ in the example password is called an escape character. Because $ has special meaning on the command line, you need to escape it with \$. If you use an &, you would have to escape that as well: \&.


To import to the system keychain you'll need to use 'sudo' and that means you must be an administrator and have sudoer privileges.


sudo security import certificate.pfx -k /Library/Keychains/System.keychain -P \$tup1dP@ssw0rd


If your "certificate name.pfx" has a space in it, you'll need to enclose it in single or double quotes or escape the space in the name, like certificate\ name.pfx.






Jan 2, 2023 11:48 PM in response to James Brickley

Hello James,

Thank you for your answer. I do have local admin. The attempt to import via Terminal ends with the same error:


% security import client_cert_name.pfx  -k ~/Library/Keychains/login.keychain -P password
security: SecKeychainItemImport: MAC verification failed during PKCS12 import (wrong password?)


I'm sure the password is correct as I'm providing it during certificate export.


Certificate export is using the following command:


% openssl pkcs12 -inkey client_cert_name.key -in piotr_michalski_cert.crt -export -out client_cert_name.pfx
Enter Export Password:
Verifying - Enter Export Password:



Regards,

Piotr
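
The error quoted above is a MAC verification failure, so before blaming the password it is worth checking which MAC digest the .pfx actually carries. The script below is an added example, not part of the original posts: it assumes OpenSSL 1.1.1 or 3.x output, and it assumes (the thread does not establish this) that the importer expects a SHA-1 MAC with 3DES encryption; the function names and the demo key/cert are constructed.

```shell
#!/bin/sh
# Passwords are read from the environment (-passin/-passout env:NAME), so no
# shell escaping of $ or & is needed and the password stays off the argv list.

# Print the MAC digest recorded in a PKCS#12 file, e.g. "sha1" or "sha256".
# usage: PFX_PASS='...' pfx_mac_alg file.pfx
pfx_mac_alg() {
    openssl pkcs12 -info -noout -in "$1" -passin env:PFX_PASS 2>&1 |
        sed -n 's/^MAC: *\([A-Za-z0-9_-]*\).*/\1/p'
}

# Re-export key + cert with a SHA-1 MAC and 3DES PBE (assumed importer profile).
# usage: PFX_PASS='...' pfx_export_sha1_3des key.pem cert.pem out.pfx
pfx_export_sha1_3des() {
    openssl pkcs12 -export -inkey "$1" -in "$2" -out "$3" \
        -macalg sha1 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES \
        -passout env:PFX_PASS
}

# Constructed demo: throwaway self-signed key/cert, exported twice, so the
# MAC digest of the default export can be compared with the explicit one.
demo() {
    d=$(mktemp -d) || return 1
    PFX_PASS='$tup1dP@ssw0rd'; export PFX_PASS   # single quotes: no escaping
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=demo-client' \
        -keyout "$d/key.pem" -out "$d/cert.pem" 2>/dev/null || return 1
    openssl pkcs12 -export -inkey "$d/key.pem" -in "$d/cert.pem" \
        -out "$d/default.pfx" -passout env:PFX_PASS || return 1
    pfx_export_sha1_3des "$d/key.pem" "$d/cert.pem" "$d/compat.pfx" || return 1
    echo "default export MAC:  $(pfx_mac_alg "$d/default.pfx")"
    echo "explicit export MAC: $(pfx_mac_alg "$d/compat.pfx")"
    rm -rf "$d"
}

demo
```

If the default export reports a different digest than the explicit one, the file format, not the password, is the first thing to rule out on the importing side.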
