How to programmatically export a Certificates.p12 from 'My Certificates' in Keychain Access?

Question

Once I import *.cer files that I got by sending a CertificateSigningRequest.certSigningRequest to Apple I can export them as one Certificates.p12 (Personal Information Exchange) which contains all public and private keys of such certificates within Keychain Access, so that I can transfer them to another Mac where I can use them to sign as well.

I would like to automate this process for a wizard software that guides the user on publishing an app under his own account.

I figured out I can export all my identities using the security binary:

security export -k login.keychain -t identities -f pkcs12 -P MYPASSPHRASE -o Certificates.p12

I see no way to export only specific certificates in the My Certificate tab though.

How can this be done properly?

Answer 1

I am not sure if this is exactly what you are looking for, but I was able to create a temporary keychain, import only the required cer and key files into it, and then export a p12 from there - see code below:

  security create-keychain -p foo tmpKeyChain
  security unlock-keychain -p foo tmpKeyChain
  security import MyKey.key -k tmpKeyChain 
  security add-certificates -k tmpKeyChain MyCer.cer
  security export -P myExportPassword -k tmpKeyChain -t all -f pkcs12 -o myNewP12.p12
  security delete-keychain tmpKeyChain