I created a couple of self-signed S/MIME certificates (using OSX Keychain & OpenSSL) and then exported these into 3 files:
- Certificate (.cer)
- Private Key (.p12)
- Public Key (.pem)
When attempting to import these back into another Mac, the Certificate and Private Key imported without any issues. But the Public Key can't be imported.
Instead I get the following error message:
An error has occurred. Unable to import an item.
The contents of this time cannot be retrieved
How can I import the public key? Should it be converted to another format for import?
33 Answers
Its a bug in OSX. You can import from the command line as per this answer:
The command is:
security import pub_key.pem -k ~/Library/Keychains/login.keychainYou'll then need to rename the key in keychain.app
6The certificate actually contains a copy of the public key (along with a name, and a signature from the certificate authority saying that name and that public key go together). Normally you don't need to deal with the public key as a separate item if you're using a certificate-based system like SMIME. If you wanted to, you could extract a copy of the public key from the certificate using the openssl x509 command.
(I wonder if Keychain is refusing to import the public key because it thinks it already has a copy, in the certificate? Keychain's error messages are usually pretty vague.)
A .p12 file can hold your key pair. You'll be prompted for a password if it contains your private key. Keychain will show the private key in a nested way. If imported correctly it should show under 'My Certificates'.