find-certificate [-h] [-a] [-c name] [-e emailAddress] [-m] [-p] [-Z] [keychain...]
Find a certificate item. If no keychain arguments are provided, the default search list is
used.
Options:
-a Find all matching certificates, not just the first one
-c name Match on name when searching (optional)
-e emailAddress
Match on emailAddress when searching (optional)
-m Show the email addresses in the certificate
-p Output certificate in pem format. Default is to dump the attributes and keychain
the cert is in.
-Z Print SHA-1 hash of the certificate
Examples
security> find-certificate -a -p > allcerts.pem
Exports all certificates from all keychains into a pem file called allcerts.pem.
security> find-certificate -a -e me@foo.com -p > certs.pem
Exports all certificates from all keychains with the email address me@foo.com into a
pem file called certs.pem.
security> find-certificate -a -c MyName -Z login.keychain | grep ^SHA-1
Print the SHA-1 hash of every certificate in 'login.keychain' whose common name
includes 'MyName'
“Even in the common affairs of life, in love, friendship, and marriage, how little security have we when we trust our happiness in the hands of others!” ~ William Hazlitt (On Living to One's-Self)
Related macOS commands:
security - Administer Keychains, keys, certificates and the Security framework.