User profile for user: leedm777
leedm777 Author
User level: Level 1
1 points

Keychain Access: Trouble importing .p12 certificate that has no password

I'm having trouble importing PKCS#12 certificates which have no password. If the .p12 file has a password, then the import works as expected. If it has no password, then after hitting enter on the password prompt a couple of times, it errors with "MAC verification failed during PKCS12 import (wrong password?)"


While normally putting private keys in a password-less .p12 is a Bad Thing(TM), in this case these certificates are only used to as one factor in two-factor authenticating web sites (the other factor being a password). The additional password on the private key seems overkill.


The .p12 file is generated with a command like:


openssl pkcs12 -export -out client.p12 -in client.crt -inkey client.key -certfile ca.crt -passout pass:


Is this a bug in OS X?


Is there some other way I can generate the certificate so Keychain Access will accept it?


Thanks!

dave

<><

Keychain Access-OTHER, Mac OS X (10.7.2)

Posted on Jan 5, 2012 12:06 PM

Reply

There are no replies.

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

Keychain Access: Trouble importing .p12 certificate that has no password

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up