Export a PKCS #12 / PFX File from Keychain Access on macOS

This how-to demonstrates how to export a PKCS #12 file from Keychain Access, the key and password manager built into macOS. PKCS #12  (also commonly referred to as as PFX) is a binary format that can be used to store an X.509 certificate, its private key, and any intermediate certificates into a single encryptable file. PKCS #12 files are usually found with the extensions .pfx or .p12, and are commonly used to import and export certificates and private keys on both Windows and Mac computers. These procedures were tested on macOS 10.14.3 Mojave, but should apply on any recent version of macOS.

1. Open Keychain Access.app, located in /Applications/Utilities/.

Keychain Access

 

2. Use the menus on the left side of the window to locate and select the certificate and private key you wish to export. In this case we have chosen an SSL.com S/MIME and Client certificate installed in the login keychain. Selecting Certificates at the lower left shows the certificates installed in the keychain. The client certificate we wish to export is at the top of the list. Selecting it, we can see from the information at the top of the window that it was issued by SSL.com Client Certificate Intermediate CA RSA R1, which is also installed.

Keychain access

Note: the login keychain is the initial default keychain for your macOS user account, and is unlocked whenever you log into macOS. You can create as many additional keychains as you like, each with their own password.

 

3. Select the intermediate certificate while holding down the Command (⌘) key, so that both certificates are selected.

Two certificates selected

 

4. With the certificates selected, chose File >> Export Items… from the menu.

File >> Export

 

5. Choose Personal Information Exchange (.p12) from the File Format: drop-down menu. Give your file a name in the Save As: field, making sure it ends in .p12, and navigate to the place you want to save your file with the Where: menu. When you are finished, click Save.

Save As Dialog

 

6. You will be now prompted to create a password to protect the PFX file. Remember this password! You will need it when you wish to import the certificates and key from the PFX file. Enter the password, verify it, and click OK.

Create Password

 

7. Next, you will be prompted to give Keychain Access permission to export your private key. Enter the password for your keychain and click Allow. If you are exporting from the login keychain, the password will be your login password.

Enter keychain password

 

8. Your new PKCS #12 file will be saved in the location you selected (in this case, the computer’s desktop).

PFX file

 

If you have any questions or need assistance, please contact us at Support@SSL.com, 1-SSL-Certificate (1-775-237-8434) or just use the Live Chat option at the bottom right of this page. And, as always, thank you for choosing SSL.com!