This how-to demonstrates how to export a PKCS #12 file from Keychain Access, the key and password manager built into macOS.
PKCS #12 (also commonly referred to as PFX) is a binary format that can store an X.509 certificate, its private key, and any intermediate certificates in a single encryptable file. PKCS #12 files are usually found with the extensions .pfx and .p12, and are commonly used to import and export certificates and private keys on both Windows and Mac computers. These procedures were tested on macOS 10.14.3 Mojave, but should apply on any recent version of macOS.
- Open Keychain Access.app, located in /Applications/Utilities/.
- Use the menus on the left side of the window to locate and select the certificate and private key you wish to export. In this case we have chosen an SSL.com S/MIME and Client certificate installed in the login keychain. Selecting Certificates at the lower left shows the certificates installed in the keychain. The client certificate we wish to export is at the top of the list. Selecting it, we can see from the information at the top of the window that it was issued by SSL.com Client Certificate Intermediate CA RSA R1, which is also installed.
Note: the login keychain is the initial default keychain for your macOS user account, and is unlocked whenever you log into macOS. You can create as many additional keychains as you like, each with their own password.
- Select the intermediate certificate while holding down the Command (⌘) key, so that both certificates are selected.
- With the certificates selected, choose File >> Export Items… from the menu.
- Choose Personal Information Exchange (.p12) from the File Format: drop-down menu. Give your file a name in the Save As: field, making sure it ends in .p12, and navigate to the place you want to save your file with the Where: menu. When you are finished, click Save.
- You will now be prompted to create a password to protect the PFX file. Remember this password! You will need it when you wish to import the certificates and key from the PFX file. Enter the password, verify it, and click OK.
- Next, you will be prompted to give Keychain Access permission to export your private key. Enter the password for your keychain and click Allow. If you are exporting from the login keychain, the password will be your login password.
- Your new PKCS #12 file will be saved in the location you selected (in this case, the computer’s desktop).
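To confirm that the export from the steps above contains what you selected (the client certificate, the intermediate certificate, and the private key), the file can be inspected from Terminal. The script below is an added example, not part of the original how-to or SSL.com's tooling; it assumes the `openssl` command-line tool is installed, and the function names and the throwaway sample certificates are constructed for illustration.

```shell
#!/bin/sh
# Added example: check what an exported PKCS #12 file actually contains.
# The password is read from the P12_PASS environment variable so it never
# appears in the process list as a command-line argument.

# Print how many certificates the file holds ($1 = path to the .p12 file).
p12_cert_count() {
    openssl pkcs12 -in "$1" -nokeys -passin env:P12_PASS 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE'
}

# Succeed only if the file holds a private key. The decrypted key goes
# straight into grep through a pipe and is never written to disk.
p12_has_key() {
    openssl pkcs12 -in "$1" -nocerts -nodes -passin env:P12_PASS 2>/dev/null |
        grep -q 'PRIVATE KEY'
}

# Build constructed sample data in directory $1: a throwaway CA standing in
# for the intermediate, a client certificate, and sample.p12 bundling both.
make_sample_p12() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj '/CN=Constructed Intermediate CA' \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj '/CN=Constructed Client' \
        -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$1/leaf.csr" -days 1 -CA "$1/ca.crt" \
        -CAkey "$1/ca.key" -CAcreateserial -out "$1/leaf.crt" 2>/dev/null
    openssl pkcs12 -export -inkey "$1/leaf.key" -in "$1/leaf.crt" \
        -certfile "$1/ca.crt" -out "$1/sample.p12" -passout env:P12_PASS
}

# Demo run on the constructed sample; point the two checks at your own
# exported file (with P12_PASS set to its export password) in real use.
demo=$(mktemp -d)
export P12_PASS='constructed-demo-password'
make_sample_p12 "$demo"
echo "certificates: $(p12_cert_count "$demo/sample.p12")"
p12_has_key "$demo/sample.p12" && echo "private key: present"
rm -rf "$demo"
```

For the export described above, the expected result is two certificates and a private key. If OpenSSL 3.x reports an unsupported algorithm when reading a Keychain Access export, add `-legacy` to the two `openssl pkcs12 -in` commands.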