security: SecKeychainItemImport: The user name or passphrase you entered is not correct.

I exported the pkcs12 file which contains the Apple Distribution Certificate with the Private Key on macOS 14 Sonoma with no password.

I was able to import the same on different macOS 14 Sonoma machines as follows:

security import \
  apple-distribution-hrk.p12 \
  -k /Users/hrk/Library/Keychains/non-default.keychain-db \
  -f pkcs12 \
  -P "" \
  -A

But when upgraded to macOS 15 Sequoia, running the above command gives me the following error:

security: SecKeychainItemImport: The user name or passphrase you entered is not correct.

Workaround:

I didn't have the Private Key of the original macOS 14 Sonoma from which the pkcs12 file was exported.

So, I had to create the new Certificate by uploading the Certificate Signing Request, download the .cer file, import it, and then export the pkcs12 file with some password.

Then I was able to import the pkcs12 file with the password.

Question

Can somebody point to the official documentation that refers to this Breaking Change?

Or is this the bug in macOS 15 Sequoia?

Answered by DTS Engineer in 805371022
Or is this the bug in macOS 15 Sequoia?

Well, it is from your perspective, and that’s all that really matters here. I commend that you file a bug about this. Please post your bug number, just for the record.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Or is this the bug in macOS 15 Sequoia?

Well, it is from your perspective, and that’s all that really matters here. I commend that you file a bug about this. Please post your bug number, just for the record.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

@DTS Engineer Thanks for the quick response.

Filed the Feedback: FB15250516.

Thanks.

Can you attach an example .p12 to your bug? That’s likely to be useful for the investigation.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

@DTS Engineer As the pkcs12 file contains the Private Key + Certificate, I would only share it if asked on the FB15250516.

Even thought the Certificate has been revoked, I am not sure if it is still the Private information that should not be shared.

Also, this behaviour is not specific to that particular pkcs12 file but any pkcs12 exported with no password.

security: SecKeychainItemImport: The user name or passphrase you entered is not correct.
 
 
Q