I want to import a client certificate into macOS 13.4 for use with Safari.

I have imported the certificate into macOS both with Keychain Access and with the security command.

Command used: security import Documents/ssl/nginx/client.pfx -P <passphrase> -k "/Users/ronnyforberger/Library/Keychains/login.keychain-db" -A

I still get

    400 Bad Request
    No required SSL certificate was sent

from the web server.

I have tried to set a new identity preference for the URL of the website I want to reach with the client certificate, but I still get the same error message.

I have tried to import the certificate into both the login and System keychains, with no success.

I cannot import the certificate into the "local objects" keychain; I get an error that the keychain does not exist (though it is shown in Keychain Access).

So, any ideas on how to successfully import the client certificate into macOS so that Safari uses it for the client connection to this specific website?

  • idk whether this applies to all certificates, as I only have ever needed one custom cert that I am issued every year - but I just double click it & it 'magically works'. I don't even extract it first from the email it arrives in, just double-click the icon right in the mail.
    – Tetsujin
    Commented Jun 23, 2023 at 10:44
  • OK, well, I can install the certificate, no problems here, but Safari (or whatever the macOS logic is) does not use it for the site as a client certificate. I had no problems with that on Windows and Linux with Chrome. Commented Jun 24, 2023 at 13:09
  • Have you checked that the Issuing/Root CA of the client certificate is also in your keychain? At least in some cases, macOS does not import the CA certificate from the PFX file, while Windows does extract and import it.
    – Froggy
    Commented Dec 21, 2023 at 7:41
  • If you used OpenSSL v3 to create the PKCS#12 file, you should check out this SO answer which explains that that version uses an algorithm that is not supported by macOS's security frameworks.
    – nickform
    Commented Dec 22, 2023 at 15:36
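
The two checks suggested in the comments (is the issuing CA inside the PFX, and was the file written in OpenSSL 3's default container format) can be scripted. This is an added example, not part of the original thread; the function names, the `P12_PASS` variable and the sample text are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added diagnostic helpers. SAMPLE_* values are constructed, modelled on the
# text that `openssl pkcs12 -info -noout` prints; they are not from a real file.

SAMPLE_MODERN='MAC: sha256, Iteration 2048
PKCS7 Encrypted data: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256
Shrouded Keybag: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256'

SAMPLE_LEGACY='MAC: sha1, Iteration 2048
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048'

# Classify `openssl pkcs12 -info -noout` output: "modern" is the PBES2/AES
# container OpenSSL 3 writes by default, "legacy" the older SHA-1 based PBE.
p12_format() {
  if printf '%s\n' "$1" | grep -q 'PBES2'; then
    echo modern
  elif printf '%s\n' "$1" | grep -Eq 'pbeWithSHA1And(3-KeyTripleDES|40BitRC2)-CBC'; then
    echo legacy
  else
    echo unknown
  fi
}

# Count PEM certificates in `openssl pkcs12 -nokeys` output. A count of 1
# means the file carries only the client certificate, no issuing CA.
p12_cert_count() {
  printf '%s\n' "$1" | grep -c -e '-----BEGIN CERTIFICATE-----' || true
}

# Run both checks on a real file. The passphrase is read from $P12_PASS so it
# does not appear in the process list.
diagnose() {
  info=$(openssl pkcs12 -in "$1" -info -noout -passin env:P12_PASS 2>&1) || true
  certs=$(openssl pkcs12 -in "$1" -nokeys -passin env:P12_PASS 2>/dev/null) || true
  echo "container format:     $(p12_format "$info")"
  echo "certificates in file: $(p12_cert_count "$certs")"
  # On macOS, list the identities the system considers usable for TLS client auth.
  if command -v security >/dev/null 2>&1; then
    security find-identity -v -p ssl-client
  fi
}

# Usage: P12_PASS='...' ./check-pfx.sh client.pfx
if [ "$#" -gt 0 ]; then diagnose "$1"; fi
```

If the format is reported as `modern`, OpenSSL 3's `openssl pkcs12 -export -legacy` writes the older container instead. That container protects the contents with 3DES and 40-bit RC2, so delete the re-exported file once the import succeeds.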
