Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Enumerate all certificates in Mac Keychain and compare creation/expiry dates

Tags:

macos

keychain

code-signing-certificate

I'm trying to write a script that will list all installed certificates in the keychain and compare them to the creation/expiration dates of certificates from the Apple dev portal.

I've looked at the documentation for security ( https://developer.apple.com/legacy/library/documentation/Darwin/Reference/ManPages/man1/security.1.html ) and openssl, but I can't seem to pass a cert from one to the other.

The alternative is to use the Security.framework directly, but I don't see any obvious method for dumping the creation/expiry dates for certificates.

Any guidance?

like image 621
ray Avatar asked Nov 13 '16 22:11

ray

People also ask

How do I view all certificates on my Mac?

In the Keychain Access app on Mac, select a keychain, then click either the My Certificates category or the Certificates category to see the certificates in that keychain.

What are certificates on Mac keychain?

In macOS, certificates are part of your digital identity and are stored in your keychain. Keychain Access lets you manage your certificates and keychains. Certificates are issued by trusted organizations, such as VeriSign, Inc., or RSA Data Security, Inc.

Where are passwords and certificates stored in a Mac?

Keychain Access lets you view the keys, certificates, passwords, account information, notes, or other information stored in a keychain. In the Keychain Access app on your Mac, if you don't see a list of keychains, choose Window > Keychain Viewer or press Command-1.

What is keychain certificate?

android.security.KeyChain. The KeyChain class provides access to private keys and their corresponding certificate chains in credential storage. Applications accessing the KeyChain normally go through these steps: Receive a callback from an X509KeyManager that a private key is requested.

1 Answers

At the command line, I think you could do security find-certificate -a -p and then split up the returned PEM-encoded certificates to feed them to openssl x509 -inform PEM .... one by one.

In code, you can enumerate certificates using SecItemCopyMatching with kSecClass=kSecClassCertificate and kSecMatchLimit=kSecMatchLimitAll. You might be able to get the certificate's expiration date using SecCertificateCopyValues(), but if not, you could get the certificate itself (as a DER-encoded blob) using SecCertificateCopyData() and pipe it to openssl x509 -inform DER .....

like image 179
wiml Avatar answered Sep 21 '22 10:09

wiml
Sign in to Comment

Related questions

How can I play a sound whenever I commit to Git?
On Mac, how to create a drag & drop app for a python script where the script name rather than Python shows in the MenuBar (etc.)?
Android SIP application using Linphone
Python: debugging with gdb (on OSX)
Locating Mac OS X folders using URLForDirectory instead of FSFindFolder
Can I set the dimensions of a screen capture in QuickTime Player 10
Backspace to beginning of line in IntelliJ
Prevent activating the application when clicking on NSWindow/NSView
How can I suppress the autosave “The file has been changed by another application” alert?
Python3 urllib.request will not close connections immediately
PhpStorm 8.0.2 always asks to allow incoming network connections
How to get cookies from WKWebView?
Where is the documentation for writing an OS X accessibility client?
Double clicking on headers of NSOutlineView is triggering double-click method?
Cannot Send Console Commands To iOS Device From Safari Web Inspector
What's the best way to set MACOSX_DEPLOYMENT_TARGET?
Behavior of SO_REUSEADDR and SO_REUSEPORT changed?
How do I access a USB drive on a OSX host from inside a docker container?
How to analyze https traffic from Android 6 emulator with Charles Proxy
OMNeT++ IDE crash on Mac OS X Sierra

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!