I am struck with a problem. I installed the p12 certificates once into a MacBookPro and then deleted it, now when I am again trying to install it. Keychain is simply not accepting the certificate for strange reason.

After some googling, I hit upon this link: http://www.openradar.me/7092640

Which clearly says that there is a bug with Keychain and states a workaround too. But unfortunately I do not have the .pem file, since I have not made a backup of it thinking that p12 file is sufficient (which actually is, if not for this bug!). So how do I get the .pem file so that I can install the certificates back onto the same laptop using this workaround?

Thanks for any suggestions / ideas. Raj

When you request a certificate, your Mac creates a public/private pair that will be used to download the certificate from Apple. This is why you can't download the resulting certificate from another Mac that doesn't have the original pair.

If you deleted the original pair, you have to re-import it first. If you don't have both halves of the pair, you may have request a new certificate from scratch.

If you have the originals and it won't import them to the login keychain, you might try creating a new keychain to use in the account with the "KeyChain Access" utility. If it imports the information, the Mac should be able to find it as long as you leave the new keychain open.

Quoting http://www.openradar.me/7092640:

You can use the 'security' command line tool:

security import priv_key.p12 -k ~/Library/Keychains/login.keychain

security import pub_key.pem -k ~/Library/Keychains/login.keychain

https://mcmap.net/q/112818/-i-lost-my-public-key-can-i-recover-it-from-a-private-key contains a similar answer.

1. Open Keychain Access.
2. On the Keychains panel right click on login. Select Lock Keychain "login".
3. Then unlock it.

Then the import should work.

When you request a certificate, your Mac creates a public/private pair that will be used to download the certificate from Apple. This is why you can't download the resulting certificate from another Mac that doesn't have the original pair.

If you deleted the original pair, you have to re-import it first. If you don't have both halves of the pair, you may have request a new certificate from scratch.

If you have the originals and it won't import them to the login keychain, you might try creating a new keychain to use in the account with the "KeyChain Access" utility. If it imports the information, the Mac should be able to find it as long as you leave the new keychain open.

go to keychain Select the Login option then select the My certificates option. If you had earlier expired certificates for the same client delete that. Then Again try to save the latest certificates in the keychain. This worked for me.

None of the posted solutions until now worked for me but the below one,

1. Open Keychain -> login -> Certificates

2. See if any of the certificated related to Apple (i.e. developer id certification authority, apple worldwide developer relations certification authority etc.) is expired. If so download the certificates from Apple site (Google yourself)

3. See if any of the certificated related to Apple is not verified/trusted. If so the make it trusted by system using below steps (4~7),

   1. Right click to certificate
   2. Click in Get Info option
   3. Set Trust-> Always Trust
   4. Close and give system password when asked

4. Now force close the Keychain app and try installing certificates again. This time it works!