find-certificate [-h] [-a] [-c name] [-e emailAddress] [-m] [-p] [-Z] [keychain...] Find a certificate item. If no keychain arguments are provided, the default search list is used. Options: -a Find all matching certificates, not just the first one -c name Match on name when searching (optional) -e emailAddress Match on emailAddress when searching (optional) -m Show the email addresses in the certificate -p Output certificate in pem format. Default is to dump the attributes and keychain the cert is in. -Z Print SHA-1 hash of the certificate Examples security> find-certificate -a -p > allcerts.pem Exports all certificates from all keychains into a pem file called allcerts.pem. security> find-certificate -a -e firstname.lastname@example.org -p > certs.pem Exports all certificates from all keychains with the email address email@example.com into a pem file called certs.pem. security> find-certificate -a -c MyName -Z login.keychain | grep ^SHA-1 Print the SHA-1 hash of every certificate in 'login.keychain' whose common name includes 'MyName'
“Even in the common affairs of life, in love, friendship, and marriage, how little security have we when we trust our happiness in the hands of others!” ~ William Hazlitt (On Living to One's-Self)
Related macOS commands:
security - Administer Keychains, keys, certificates and the Security framework.
codesign - Create and manipulate code signatures.