Now you can import your certificate again.

    sudo security delete-certificate -c /System/Library/Keychains/SystemRootCertificates.keychain

Then remove the certificate with the following command:

    sudo security delete-certificate -Z /System/Library/Keychains/SystemRootCertificates.keychain

Warning: If your Mac has a T2 security chip, this will likely result in the permanent loss of all files on your Mac as well as the Touch ID data stored in the enclave. From the Terminal, run this command:

    xartutil -erase-all

Identify the certificate you want to remove. Once the macOS installer begins, open a Terminal by clicking Utilities > Terminal in the menu bar.

With the second command each certificate of the keychain is shown.

    sudo security dump-keychain /System/Library/Keychains/SystemRootCertificates.keychain

List all keychains / all certificates in your keychain:

    ls -l /System/Library/Keychains/

I think you imported it into the System-Keychain:

First make a backup of your System Root Certificates before making any changes (or any other keychain you choose):

    cd /System/Library/Keychains/

    "/Users/JonDoe/Library/Keychains/login.keychain"

There are several keychains on your system:

    sudo security list-keychains

Is there any way you can remove a private key from a keychain using Terminal commands only (as I do only have ssh access to the machine in question)? I've checked the man page of the security tool but did not find a means to delete a private key. Therefore I'm looking for a way to delete the private key from the keychain (so that I can re-import the identity afterwards). Since I only have ssh access to the machine, using the Keychain GUI application won't work.
This does not change the access list of the private key. I've also tried deleting the certificate from the keychain using security delete-certificate and re-importing. I've tried to re-import the identity with the added parameter but that does not seem to change the access list of the private key.
I've tried to add the codesign app to the access list to no avail: I forgot to specify -T /usr/bin/codesign, however, which adds the codesign application to the access list of the private key. This imports both items included in the p12 file, certificate and private key, into the given keychain. I've imported a developer identity (certificate + private key) for iOS development to a keychain using the "security" Terminal application with the command

    security import identity.p12 -k -P