macOS: Import .p12 certificate into the keychain via command line

Question

I'm trying to import .p12 certificate into the keychain on my mac via bash script. So far, I've been trying:

1. sudo security import command. It returns that import was successful but, in fact, it never gets imported into any keychain.
2. sudo security add-certificates -k /Library/Keychains/System.keychain certificate.p12 it throws the following error:

Password: SecCertificateCreateFromData: Unknown format in import.

The only thing that worked for me was the .cer format via this command: sudo security add-certificates -k /Library/Keychains/System.keychain certificate.cer. It does import the certificate into the keychain and I can see it in the keychain access.

But I only have .p12 certificates. Could anyone help me with that one, please?

Answer 1

For me this worked.

First unlock the keychain (in lots of automated build systems it's just "").

security unlock-keychain -p "<keychain_password>" ~/Library/Keychains/login.keychain

Second install the p12 file.

security import <p12_path> -k ~/Library/Keychains/login.keychain -P "<p12_password>" -T /usr/bin/codesign

Answer 2

The security add-certificates command can be used only to import certificates (such as .cer file, without the key).
To import a p12 keystore, the security import command have to be used.
Example:

security import certificate.p12 -k /Library/Keychains/System.keychain -P 'keystore_password'