Export a PKCS #12 / PFX File from Keychain Access on macOS

Note: This article does not apply to SSL.com code signing and document signing certificates. These types of certificates cannot be generated as .pfx files and their private keys cannot be exported. SSL.com code signing and document signing certificates and their private keys can only be generated and stored in the eSigner cloud signing environment, a Yubikey device, or a supported Cloud HSM.

This how-to demonstrates how to export a PKCS #12 file from Keychain Access, the key and password manager built into macOS.

PKCS #12 (also commonly referred to as PFX) is a binary format that can be used to store an X.509 certificate, its private key, and any intermediate certificates in a single encryptable file. PKCS #12 files are usually found with the extensions .pfx or .p12, and are commonly used to import and export certificates and private keys on both Windows and Mac computers. These procedures were tested on macOS 10.14.3 Mojave, but should apply on any recent version of macOS.

  1. Open Keychain Access.app, located in /Applications/Utilities/.
  2. Use the menus on the left side of the window to locate and select the certificate and private key you wish to export. In this case we have chosen an SSL.com S/MIME and Client certificate installed in the login keychain. Selecting Certificates at the lower left shows the certificates installed in the keychain. The client certificate we wish to export is at the top of the list. Selecting it, we can see from the information at the top of the window that it was issued by SSL.com Client Certificate Intermediate CA RSA R1, which is also installed.
    Note: the login keychain is the initial default keychain for your macOS user account, and is unlocked whenever you log into macOS. You can create as many additional keychains as you like, each with their own password.
  3. Select the intermediate certificate while holding down the Command (⌘) key, so that both certificates are selected.
  4. With the certificates selected, choose File >> Export Items… from the menu.
  5. Choose Personal Information Exchange (.p12) from the File Format: drop-down menu. Give your file a name in the Save As: field, making sure it ends in .p12, and navigate to the place you want to save your file with the Where: menu. When you are finished, click Save.
  6. You will now be prompted to create a password to protect the PFX file. Remember this password! You will need it when you wish to import the certificates and key from the PFX file. Enter the password, verify it, and click OK.
  7. Next, you will be prompted to give Keychain Access permission to export your private key. Enter the password for your keychain and click Allow. If you are exporting from the login keychain, the password will be your login password.
  8. Your new PKCS #12 file will be saved in the location you selected (in this case, the computer’s desktop).
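The following shell check is an added example, not part of the original SSL.com article: it confirms that an exported file really contains the private key together with both certificates selected in step 3. It assumes the OpenSSL command-line tool is installed; the names p12_summary, make_sample_p12 and P12_PASS are made up for this example, and the sample bundle is constructed so the script can be tried without a real export.

```shell
#!/bin/sh
# Added example: inspect a PKCS #12 export with the OpenSSL CLI.
# The file password is read from the P12_PASS environment variable so it
# never appears in the process argument list.

# p12_summary FILE -> prints "certs=N keys=M"; returns 1 if the file cannot
# be opened (wrong password, or not a PKCS #12 file).
p12_summary() {
    # -nodes decrypts the key into a shell variable only; nothing hits disk.
    pem=$(openssl pkcs12 -in "$1" -passin env:P12_PASS -nodes 2>/dev/null) || {
        echo "cannot open $1: wrong password or not a PKCS #12 file" >&2
        return 1
    }
    certs=$(printf '%s\n' "$pem" | grep -c -- '-----BEGIN CERTIFICATE-----' || true)
    keys=$(printf '%s\n' "$pem" | grep -c -- '-----BEGIN .*PRIVATE KEY-----' || true)
    echo "certs=$certs keys=$keys"
}

# make_sample_p12 DIR -> writes DIR/sample.p12, a CONSTRUCTED stand-in for the
# Keychain export: a throwaway CA, one client certificate it issued, and the
# client's private key.
make_sample_p12() (
    umask 077            # key material and the bundle are owner-only
    cd "$1" || exit 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Example CA" -keyout ca.key -out ca.pem 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=Constructed Example Client" \
        -keyout client.key -out client.csr 2>/dev/null &&
    openssl x509 -req -in client.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
        -days 1 -out client.pem 2>/dev/null &&
    openssl pkcs12 -export -inkey client.key -in client.pem -certfile ca.pem \
        -passout env:P12_PASS -out sample.p12
)

# Usage against a real export (bash/zsh; the path is a placeholder):
#   read -r -s P12_PASS && export P12_PASS
#   p12_summary "$HOME/Desktop/<your-file>.p12"
# After following the steps above, expect certs=2 keys=1
# (client certificate, intermediate certificate, one private key).
```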
Thank you for choosing SSL.com! If you have any questions, please contact us by email at Support@SSL.com, call 1-877-SSL-SECURE, or just click the chat link at the bottom right of this page. You can also find answers to many common support questions in our knowledgebase.
