Keychain Access: Trouble importing .p12 certificate that has no password
I'm having trouble importing PKCS#12 certificates which have no password. If the .p12 file has a password, then the import works as expected. If it has no password, then after hitting enter on the password prompt a couple of times, it errors with "MAC verification failed during PKCS12 import (wrong password?)"
While normally putting private keys in a password-less .p12 is a Bad Thing(TM), in this case these certificates are only used to as one factor in two-factor authenticating web sites (the other factor being a password). The additional password on the private key seems overkill.
The .p12 file is generated with a command like:
openssl pkcs12 -export -out client.p12 -in client.crt -inkey client.key -certfile ca.crt -passout pass:
Is this a bug in OS X?
Is there some other way I can generate the certificate so Keychain Access will accept it?
Thanks!
dave
<><
Keychain Access-OTHER, Mac OS X (10.7.2)