
Command line interface to macOS keychains and Security framework.

# To list the available keychains:
security list-keychains

# To delete a specific keychain:
# (removes the keychain from the search list and deletes it along with every item
# stored in it; keep a copy of the keychain file first if anything in it is still needed)
security delete-keychain <path>

# To create a keychain:
# (a password passed with -p ends up in shell history and is visible in the process
# list while the command runs; omit -p to be prompted for the password instead)
security create-keychain -p <password> <keychain.name>

# To set a certificate to use with a website or [s]ervice by its [c]ommon name (fails if several certificates with the same common name exist):
security set-identity-preference -s <URL|hostname|service> -c "<common_name>" <path/to/file.keychain>

# To add a certificate from file to a [k]eychain (if -k isn't specified, the default keychain is used):
# (this only stores the certificate; whether it is trusted is governed by separate
# trust settings. Check its fingerprint against a trusted source before importing)
security add-certificates -k <keychain.name> <path/to/file.pem>

# ---

# To dump the contents of the System Root Certificates Keychain:
sudo security dump-keychain /System/Library/Keychains/SystemRootCertificates.keychain

# To delete a System Root Certificate by its SHA-1 hash value:
# (the hash only selects which certificate is removed, so confirm it matches the intended
# root first, e.g. against the fingerprints printed by `security find-certificate -a -Z`.
# Removing a root changes which certificate chains validate system-wide.
# NOTE: on macOS releases with System Integrity Protection, /System is read-only and this
# is likely to be refused even with sudo; verify on your release)
sudo security delete-certificate -Z <sha1_value> /System/Library/Keychains/SystemRootCertificates.keychain

# To list all installed certificates (by label) for a given Keychain (or the System Keychain if run as root and no Keychain is specified):
# (the command as written names no Keychain; append a keychain path to find-certificate to
# target one. awk prints the quoted value of each "labl" attribute line)
security find-certificate -a | awk -F'"' '/labl/{print $4}'