I am trying to automate some certificate handling for our build system.
I am exporting my certificate using the following commands:
security create-keychain -p foobar tempKeyChain
security unlock-keychain -p foobar tempKeyChain
security add-certificates -k tempKeyChain afile.cer
security export -k tempKeyChain -t certs -f pkcs12 -o afile.p12
security delete-keychain tempKeyChain
The .p12 file generated looks good and I can open it with the "Keychain Access" app and the certificate loaded looks OK.
The problem is that the build scripts perform the following:
security create-keychain -p password mytest
security unlock-keychain -p password mytest
security set-keychain-settings -u -t 12000 mytest
security import afile.p12 -k mytest -T /usr/bin/codesign
1 certificate imported.
security set-key-partition-list -S apple-tool:,apple:,codesign: -k password mytest
security: SecItemCopyMatching: The specified item could not be found in the keychain.
Note the error returned by 'security set-key-partition-list': "The specified item could not be found in the keychain."
If I take my afile.p12, load it into my keychain using the "Keychain Access" app, export it from there as a p12 file, and then execute the above code using the p12 file created by the "Keychain Access" app, the 'security set-key-partition-list' command works.
Can anyone explain this?
I have figured out what my problem was here.
The reason for the error from security set-key-partition-list was that the certificate did not include a private key.
As for how to use security to export a certificate: in my case the answer is don't.
Use openssl to generate the .p12 certificate file:
openssl pkcs12 -export -out afile.p12 -inkey privte.key -in certificate.pem
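A pre-flight check for the failure described in the answer above, as an added example that is not part of the original post: it confirms that a .p12 file actually carries a private key before the build script imports it. The function names, the P12_PASS environment variable and the exit-code convention are assumptions made for this example.

```shell
#!/bin/sh
# Added example. The PKCS#12 passphrase is read from the environment
# variable P12_PASS (an assumption of this example) so that openssl
# does not receive it as a command-line argument.

# p12_has_private_key FILE
# Returns 0 if FILE contains a private key, 1 if it parses but holds
# only certificates, 2 if it cannot be read (bad passphrase, not PKCS#12).
p12_has_private_key() {
    # -nocerts: emit only key bags; -nodes: do not re-encrypt the output,
    # so openssl never prompts for an output passphrase.
    out=$(openssl pkcs12 -in "$1" -nocerts -nodes \
              -passin env:P12_PASS 2>/dev/null) || return 2
    case "$out" in
        *"PRIVATE KEY-----"*) return 0 ;;
        *) return 1 ;;
    esac
}

# import_signing_p12 FILE KEYCHAIN KEYCHAIN_PASSWORD   (macOS only)
# Runs the import steps from the question, but refuses a certificate-only
# bundle up front instead of failing later in set-key-partition-list.
import_signing_p12() {
    rc=0
    p12_has_private_key "$1" || rc=$?
    if [ "$rc" -eq 1 ]; then
        echo "error: $1 has no private key, codesign cannot use it" >&2
        return 1
    elif [ "$rc" -ne 0 ]; then
        echo "error: cannot read $1 (wrong passphrase or not PKCS#12)" >&2
        return 2
    fi
    security import "$1" -k "$2" -P "$P12_PASS" -T /usr/bin/codesign &&
    security set-key-partition-list -S apple-tool:,apple:,codesign: \
        -k "$3" "$2"
}
```

Only p12_has_private_key is portable; import_signing_p12 needs the macOS security tool and an already created and unlocked keychain.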