Find an identity (certificate + private key) satisfying a given policy.
Syntax
find-identity [-h] [-p policy] [-s string] [-v] [keychain...]
Options:
-h Display help.
-p policy Specify policy to evaluate (multiple -p options are allowed).
Supported policies: basic, ssl-client, ssl-server, smime, eap, ipsec,
ichat, codesigning, sysdefault, default, sys-kerberos-kdc
-s string Specify optional policy-specific string
(e.g. a DNS hostname for SSL, or RFC822 email address for S/MIME).
-v Show valid identities only (default is to show all identities).
If no policy arguments are provided, the X.509 basic policy is assumed.
If no keychain arguments are provided, the default search list is used.
Display help:
$ security find-identity -h
Display valid identities that can be used for SSL client authentication:
security> find-identity -v -p ssl-client
Display identities for a SSL server running on the host 'www.domain.com':
security> find-identity -p ssl-server -s www.domain.com
Display identities that can be used to sign a message from 'user@domain.com':
security> find-identity -p smime -s user@domain.com
“Security is mostly a superstition. It does not exist in nature, nor do the children of men as a whole experience it. Avoiding danger is no safer in the long run than outright exposure. Life is either a daring adventure, or nothing” ~ Helen Keller
Local man page: security - Command line help page on your local machine.
security - Administer Keychains, keys, certificates and the Security framework.