Create a new user account on your Mac (using System Preferences > Users & Groups).
Log in to that account.
Try to import the certificate there.
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
But I don't think it'll work cause it's working account and I need to …
My suggestion wasn’t a workaround but rather a diagnostic test. You should see one of two results:
- The import succeeds — In this case it seems likely that there’s something broken about the keychain on the original account.
- The import fails in the same way — That suggests that there’s something broken about the certificate (which would be weird).
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
In case someone stumbles upon this error: I'm running Catalina 10.15.7 here. I downloaded the certificate file, following these instructions:
Create a certificate signing request
When launching the certificate installer, a popup box shows up and asks in which keychain you want to install it. I first selected iCloud keychain, then I got this error.
I launched it again and I selected the 'System' keychain location and then it worked. (not sure why and if this will work for others but it worked for me).
I ran into this error. For me, the problem ended up being that in the import dialog, the keychain selected was "Local Items". Picking "login" from the dropdown fixed the error.
the keychain selected was "Local Items".
Ah, that’s interesting. Local Items is Keychain Access speak for the data protection keychain [1]. That keychain can hold certificates but it would need very different import code and so it’s not a huge surprise that you run into the problem. Still, that’s definitely a bug and I’ve filed it as such (r. 87671054).
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
[1] If you’re not familiar with the subtleties of keychains on the Mac, see my On Mac Keychains post.
The tip about the target keychain really saved my bacon. I was trying to get the Root Certificates for Charles Proxy installed and only received error code -25294 when using its default "Help -> SSL -> Install Charles Root Certificate" option. I then exported the root certificate as a PEM file and tried importing it manually and got the same error. Upon reading this post, I realised there was an almost hidden option I had not taken into account:
(This is using Norwegian language settings, so "Valg" means "Options").
Pressing that gave me the options of
- Local objects (preselected)
- logon
- System
Choosing system seems to have worked.
Charles Proxy is only listed as supported macOS 10.15, so no wonder.
@eskimo I was unable to import into "login", "System", or "iCloud" keychains, but was able to import into "accountsKeychainExport". What is that? It seems very sus.
In any case, I have TWO of these "accountsKeychainExport" keychains in my system, and both are empty, even after import.
I had the inspiration to try dragging the .cer file from the Finder into my login keychain, and that seemed to work, but it says the certificate is not trusted:
(I’ve redacted identifying info; note that the selected cert replaces the last cert in that list, set to expire in a month.)
Ah, I had to DL a newer Apple intermediate certificate from here (specifically, the G4 cert). That seems clunky.
macOS 21F79 on M1 Max MBP.
I understand that I may be three years late in responding. But I encountered the same problem. And I found it to be a trust issue. You just need to go to your certificates collection page and double-click on the untrusted certificate to edit the trust settings to be able to use it normally.
Unfortunately it looks like this issue still exists. iCloud is selected as the default keychain when opening the certificate. I tried @Najjii's solution and clicked on "always trust" but it didn't work. However, choosing "System" or "login" instead of "iCloud" worked for me. Thank you @Matt_SoundFingers & @dceddia.
Is there any information about why this does not work with iCloud Keychain? Any news about the bug report you've filed @DTS Engineer?