Keychain Access won't let me Export to a .p12 file

I've successfully distributed a Java-based app .dmg from my Intel iMac, but am trying to port over the signing authority (Certificate and Identity) to an M2.

I'm following the "backup your Identities" recipe to make a .p12 file, but I can't complete the Export. The .p12 file format option is greyed out (while .pem and .cer are offered).

What could be causing this? I can sign my .dmg installers from this computer, so codesign is happy with what it is seeing in the Keychain.

Answered by DTS Engineer in 848892022
I'm following the "backup your Identities" recipe

It’s always a good idea to include links to the resources you’re using. In this case that’s The Care and Feeding of Developer ID.

I suspect that you missed step 2 of the instructions in Back Up Your Signing Identities, that is, selecting My Certificates at the top. That means you’re looking at certificates (Certificates) not digital identities (My Certificates) and hence you only get the certificate export options.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

When I initially obtained my Developer ID Application and Developer ID Installer Certificates, they were put in the "Certificates" under the System Keychain. I don't remember choosing this storage location.

The associated private keys were stored in Keys / login.

And since "codesign" was happy with finding my credentials stored this way, but you're saying to Export them they needed to go in MyCertificates, this raises the 2 questions:

  1. How do I move my Developer ID Certificates into MyCertificates?

  2. How was it decided to install them in the wrong place?

they were put in the "Certificates" under the System Keychain.

That’s definitely not the right place for them.

Historically Keychain Access would form identities even if the components were in different keychains. We changed that when we rewrote Keychain Access for macOS 11. It seems that Keychain Access now requires the certificate and private key to be in the same keychain. Which, honestly, seems pretty reasonable to me (-:

1. How do I move my Developer ID Certificates into MyCertificates?

Do this:

  1. Select the System keychain on the left.
  2. Select Certificates at the top.
  3. Select the relevant certificate.
  4. Choose File > Export Items and save the certificate in a .cer file.
  5. Select login on the left.
  6. Choose File > Import Items.
  7. Click Show Options and make sure that Destination Keychain is set to login.
  8. Choose the file from step 3.

Once you’ve confirmed that this worked, and you’re able to export the identity as a .p12, go back to the System keychain and delete the extraneous copy of the certificate.

2. How was it decided to install them in the wrong place?

It’s hard to say without reviewing the exact steps you took to import the certificate. However, the most likely culprit is step 7 above.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

2. How was it decided to install them in the wrong place?

Thanks!

The recipe to transfer the Developer ID Certs --> MyCertificates isn't perfect... it did allow me to copy the Certs into login / MyCertificates, but if I then try to delete the Developer ID Certs associated with System / Certificates, the delete command deletes BOTH copies of the Cert, leaving me with nothing.

The good news is that codesign accepts the Certs I transferred by .p12 file Export / Import onto my M2 computer (which was the higher-level problem). It only gives a warning about finding multiple copies of the same cert.

I chose NOT to accept the answer because it leaves the codesign with this warning.
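
A command-line way to see the situation discussed in this thread, as an added example that is not part of the original posts: it parses the output of `security find-certificate -a -Z` to show which keychain holds each certificate and which certificates exist in more than one keychain. The function names and the sample records are constructed for illustration, and the parser assumes the `SHA-1 hash:` and `keychain:` lines that the `-Z` option prints.

```shell
#!/bin/sh
# Added example (not from the thread). Read-only use on a Mac:
#   security find-certificate -a -Z -c "Developer ID" | duplicate_certs

# Emit "SHA1<TAB>keychain path" for every certificate record on stdin.
cert_locations() {
    awk '
        /^SHA-1 hash: / { sha = $3 }
        /^keychain: / {
            path = $0
            sub(/^keychain: "/, "", path)
            sub(/"[ \t]*$/, "", path)
            if (sha != "") print sha "\t" path
            sha = ""
        }'
}

# SHA-1 of each certificate that is stored in more than one keychain.
duplicate_certs() {
    cert_locations | sort -u | cut -f1 | uniq -d
}

# SHA-1 of each certificate that has a copy in the System keychain.
system_keychain_certs() {
    cert_locations | awk -F '\t' '$2 == "/Library/Keychains/System.keychain" { print $1 }'
}

# Constructed sample in the layout `security find-certificate -a -Z` prints
# (hashes, user name and team ID are made up).
sample_output() {
    cat <<'EOF'
SHA-1 hash: 1111111111111111111111111111111111111111
keychain: "/Users/dev/Library/Keychains/login.keychain-db"
class: 0x80001000
attributes:
    "labl"<blob>="Developer ID Application: Example Dev (TEAMID0000)"
SHA-1 hash: 1111111111111111111111111111111111111111
keychain: "/Library/Keychains/System.keychain"
class: 0x80001000
attributes:
    "labl"<blob>="Developer ID Application: Example Dev (TEAMID0000)"
SHA-1 hash: 2222222222222222222222222222222222222222
keychain: "/Users/dev/Library/Keychains/login.keychain-db"
class: 0x80001000
attributes:
    "labl"<blob>="Developer ID Installer: Example Dev (TEAMID0000)"
EOF
}

echo "In more than one keychain:"; sample_output | duplicate_certs
echo "Copy in System keychain:";   sample_output | system_keychain_certs
```

A hash reported by `duplicate_certs` is the same certificate present in two keychains, which is the state the last post describes after the .cer import.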
