find-identity [-h] [-p policy] [-s string] [-v] [keychain...]
Find an identity (certificate + private key) satisfying a given policy. If no policy arguments
are provided, the X.509 basic policy is assumed. If no keychain arguments are provided, the
default search list is used.
Options:
-p policy Specify policy to evaluate (multiple -p options are allowed). Supported policies:
basic, ssl-client, ssl-server, smime, eap, ipsec, ichat, codesigning, sysdefault,
default, sys-kerberos-kdc
-s string Specify optional policy-specific string (e.g. a DNS hostname for SSL, or RFC822
email address for S/MIME)
-v Show valid identities only (default is to show all identities)
Examples
security> find-identity -v -p ssl-client
Display valid identities that can be used for SSL client authentication
security> find-identity -p ssl-server -s www.domain.com
Display identities for a SSL server running on the host 'www.domain.com'
security> find-identity -p smime -s user@domain.com
Display identities that can be used to sign a message from 'user@domain.com'
“Security is mostly a superstition. It does not exist in nature, nor do the children of men as a whole experience it. Avoiding danger is no safer in the long run than outright exposure. Life is either a daring adventure, or nothing” ~ Helen Keller
Related macOS commands:
security - Administer Keychains, keys, certificates and the Security framework.