Find a certificate item.
find-certificate [-h] [-a] [-c name] [-e emailAddress] [-m] [-p] [-Z] [keychain...]
Options:
-a Find all matching certificates, not just the first one.
-c name Match on name when searching (optional).
-e emailAddress Match on emailAddress when searching (optional).
-h Display help.
-m Show the email addresses in the certificate.
-p Output certificate in pem format.
Default is to dump the attributes and keychain the cert is in.
-Z Print SHA-1 hash of the certificate.
If no keychain arguments are provided, the default search list is used.
Export all certificates from all keychains into a pem file called allcerts.pem:
security> find-certificate -a -p > allcerts.pem
Export all certificates from all keychains with the email address me@foo.com into a pem file called certs.pem:
security> find-certificate -a -e me@foo.com -p > certs.pem
Print the SHA-1 hash of every certificate in 'login.keychain' whose common name includes 'MyName':
security> find-certificate -a -c MyName -Z login.keychain | grep ^SHA-1
“Even in the common affairs of life, in love, friendship, and marriage, how little security have we when we trust our happiness in the hands of others!” ~ William Hazlitt (On Living to One’s-Self)
Local man page: security - Command line help page on your local machine.
security - Administer Keychains, keys, certificates and the Security framework.
codesign - Create and manipulate code signatures.