How to convert a .cer file to .p12 without the keychain password?
Private Key
You will need the password for the Keychain to export the private key associated with the certificate.
Alone the certificate can not be used to sign. You need the private key as well.
The private key was probably created along with the original CSR (certificate signing request) sent to Apple. By default, the private key is stored in the user's Keychain.
- The certificate is public and often stored in an unencrypted
.pem
file. - The key is private and often stored in the Keychain or an encrypted
.p12
file.
New Certificate and Key
You can ask Apple for a new signing certificate, using a new private key and CSR. This does not require administrator access or access to the existing Keychain. You will need access to the online Apple Developer account of the company.
As a precaution, consider creating a separate Keychain for the company - marked as Default while creating the CSR. The private key will then be saved into the separate Keychain and can be passed to codesign
as an absolute path with the --keychain
flag. You can also store the certificate in this Keychain file.