Export p12 file from keychain "My Certificates"

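I am trying to export the certificate key "Apple Push Service" from a Mac machine (for use with Google Cloud Messaging). I just created this key on the Apple website by following the steps below: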

To manually generate a Certificate, you need a Certificate Signing Request (CSR) file from your Mac. To create a CSR file, follow the instructions below to create one using Keychain Access.

Create a CSR file.

In the Applications folder on your Mac, open the Utilities folder and launch Keychain Access.

Within the Keychain Access drop down menu, select Keychain Access > Certificate Assistant > Request a Certificate from a Certificate Authority.

  • In the Certificate Information window, enter the following information: In the User Email Address field, enter your email address. In the Common Name field, create a name for your private key (e.g., John Doe Dev Key). The CA Email Address field should be left empty. In the "Request is" group, select the "Saved to disk" option.

Click Continue within Keychain Access to complete the CSR generating process.

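I created the certificate, and I need to export it to a .p12 file to complete my process.

So I did the following (went to Keychain and tried to export).

Then when I try to enter my password, nothing happens: no error and no export (nothing)!!!!

I am sure my password is correct. To make sure, I reset my "login" keychain again, then restarted the Mac machine and tried again, but it still does not work!!

I also tried exporting the key with the command line below: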

security export -k login.keychain -t all -f pkcs12 -P myPasswordHere

But it does not work, and the following error appears:

security: SecKeychainItemExport: A cryptographic verification failure has occurred.

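I even tried deleting this certificate and redoing it, and I even tried resetting the whole login keychain and redoing everything, but that did not help either!

Any help on how I can export this certificate??? Thanks.

I know the answer to my question, and I want to share it, as it may help.

The problem was caused by my trying to export the certificate from the keychain remotely using VNC. According to the Apple website, starting from Mac update 10+ there is a security enhancement that prevents exporting certificates from the keychain if you use any remote tool; you should only be able to do this on the physical machine.

Details are at the link below: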

https://discussions.apple.com/thread/7305746?tstart=0

"the problem was working on these machines remotely via Apple Remote Desktop. With the 10.11.1 update, Apple introduced a "security fix" that disabled the ability for non-physical devices to interact with the Keychain. You can see the details of this "fix" here (scroll all the way to the bottom of the page and look for CVE-2015-5943 for a full description):

About the security content of OS X El Capitan v10.11.1 and Security Update 2015-007 - Apple Support "

You can confirm this being the issue with your machine if you view the system logs via the Console.app. When you click on "Always Allow", you should see the following in the logs:

Ignoring user action since the  dialog has received events from an untrusted source

Basically, your click is being registered as a "synthetic click". In my case, this was because I was using Apple Remote Desktop (I also tested various other remote apps I use, like TeamViewer and iTeleport Connect, and all resulted in the same error in the logs). Basically, this affects any screen sharing app. My solution was to drive into the office and physically click "Always Allow" on each machine. Yay. Thanks Apple! Great "fix"!!!

After I tried physical access to the Mac server, the problem was solved, and I was able to export the certificate from the login keychain.
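
The log check quoted in the answer can be scripted when several machines are involved. The following is an added example, not part of the original post: it scans collected log text for the "untrusted source" message and lists which hosts logged it. It assumes the logs are in the traditional syslog layout (timestamp, host, process); the sample lines, host names, process names and PIDs are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample input: syslog-style lines. Host names, process names and
# PIDs are invented; only the "Ignoring user action" text comes from the page.
sample_log() {
cat <<'EOF'
Nov  3 10:15:02 build-mac-01 SecurityAgent[412]: Ignoring user action since the  dialog has received events from an untrusted source
Nov  3 10:15:09 build-mac-01 SecurityAgent[412]: Ignoring user action since the  dialog has received events from an untrusted source
Nov  3 10:16:40 build-mac-02 loginwindow[88]: unrelated constructed message
Nov  3 10:17:11 build-mac-03 SecurityAgent[520]: Ignoring user action since the dialog has received events from an untrusted source
EOF
}

# blocked_hosts [logfile...]
# Prints "host count" for every host that logged the rejection message.
# Reads stdin when no file is given. The gap before "dialog" is matched
# loosely because the message quoted on the page contains a double space.
blocked_hosts() {
    awk '
        /Ignoring user action since the +dialog has received events from an untrusted source/ {
            seen[$4]++          # field 4 is the host name in syslog layout
        }
        END { for (h in seen) print h, seen[h] }
    ' "$@" | sort
}

# is_blocked HOST [logfile...]
# Exit status 0 if HOST logged the message, 1 otherwise.
is_blocked() {
    host=$1
    shift
    blocked_hosts "$@" | awk -v h="$host" '$1 == h { found = 1 } END { exit !found }'
}

# Demonstration on the constructed sample.
sample_log | blocked_hosts
```

Hosts that appear in the output had a keychain dialog click rejected as coming from an untrusted source, which is the condition the answer resolved by clicking at the physical machine.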