CodeSign The specified item could not be found in the keychain

I am trying to translate a working codesigning mechanism into our CI process.

I add the cert using the following.

```shell
sudo security add-trusted-cert -d -r trustRoot -k ~/Library/Keychains/login.keychain-db developerID_application.cer
```

But when I check it, it is not recognized for code signing.

```text
$ security find-identity -p codesigning
Policy: Code Signing
  Matching identities
  0 identities found
  Valid identities only
  0 valid identities found
```

And subsequent codesign fails with

```text
error: The specified item could not be found in the keychain.
```

Compared to what I am doing in the working mechanism on my desktop, the only missing step seems to be signing in to my developer account in Xcode. But I am not sure if that is the issue, or, if so, how you do that from the command line.

Replies

Looks like you're doing two different things.
  • Your command adds a certificate as "trusted", which usually isn't necessary unless it's self-signed.

  • In particular, you're using the root user to modify the current user's keychain, which might have the effect of making it unreadable by that user.

  • The file extension is .cer, which is not an identity.

  • An identity is a certificate and its private key together in one file, which is almost always encrypted with the extension p12.

This is for a CI process, and when I do this on a desktop, I am adding my developer cert manually. What I am trying to do is find a way to add the developer cert from the command line.

> What I am trying to do is find a way to add the developer cert using a command line.

You seem to be mixing up certificate and digital identity. What you need in order to sign is a code signing identity, that is, the combination of a certificate and a private key that matches the public key in the certificate. Your input to security is a .cer file, which is just a certificate. You would normally add an identity as a PKCS#12 which, as TyngJJ pointed out, typically has the extension .p12.

To import a digital identity from the command line you need to first export it from the original machine as a PKCS#12. Keychain Access can do that. You can then import it on the target system using the import subcommand. See the security man page for details. Note that most of the arguments are optional, with import inferring the right values from the .p12 extension.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
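Putting TyngJJ's and Quinn's points together, here is an added example of the CI-side half of the procedure. It is not code from the thread, from Apple, or from the original poster: a POSIX shell script that imports the .p12 exported from Keychain Access into a dedicated throwaway keychain (no sudo, no changes to login.keychain-db, no add-trusted-cert, since a Developer ID certificate already chains to Apple's root), pre-authorises codesign to use the key, and then checks that find-identity reports at least one valid identity. The environment variable names, the keychain path and the script name are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): import a Developer ID identity from a
# .p12 into a dedicated CI keychain so codesign finds it on a headless runner.
# Assumed inputs, supplied by the CI secret store (names are illustrative):
#   P12_PATH              path to the exported .p12 (certificate + private key)
#   P12_PASSWORD          password protecting the .p12
#   CI_KEYCHAIN_PASSWORD  password for the temporary keychain created below
set -eu

KEYCHAIN_PATH="${KEYCHAIN_PATH:-$HOME/Library/Keychains/ci-signing.keychain-db}"

# Returns 0 = ready, 1 = .p12 missing, 2 = security(1) unavailable (not macOS).
check_inputs() {
  p12="$1"
  [ -f "$p12" ] || { echo "no such .p12: $p12" >&2; return 1; }
  command -v security >/dev/null 2>&1 || { echo "security(1) not found; macOS only" >&2; return 2; }
  return 0
}

setup_signing_keychain() {
  p12="$1"; p12_pass="$2"; kc_pass="$3"
  check_inputs "$p12" || return $?

  # A dedicated keychain: nothing touches login.keychain-db, no root needed,
  # and teardown is a single delete. Start from a clean slate.
  security delete-keychain "$KEYCHAIN_PATH" 2>/dev/null || true
  security create-keychain -p "$kc_pass" "$KEYCHAIN_PATH"
  security set-keychain-settings -lut 3600 "$KEYCHAIN_PATH"   # lock on sleep / after 1h
  security unlock-keychain -p "$kc_pass" "$KEYCHAIN_PATH"

  # The .p12 carries cert + private key, i.e. the identity. -T pre-authorises
  # codesign to use the key, so no "allow access" dialog blocks the runner.
  security import "$p12" -k "$KEYCHAIN_PATH" -P "$p12_pass" -T /usr/bin/codesign

  # Since macOS 10.12 Apple tools must also be in the key's partition list,
  # otherwise codesign still waits on a UI prompt and fails on CI.
  security set-key-partition-list -S apple-tool:,apple: -s -k "$kc_pass" "$KEYCHAIN_PATH" >/dev/null

  # Prepend the new keychain to the user search list so codesign and
  # find-identity consult it. Unquoted substitution is intentional: one
  # keychain path per word, and the default paths contain no spaces.
  security list-keychains -d user -s "$KEYCHAIN_PATH" $(security list-keychains -d user | tr -d '"')
}

# Echoes the number of valid code signing identities in the CI keychain.
count_codesigning_identities() {
  security find-identity -v -p codesigning "$KEYCHAIN_PATH" | awk '/valid identities found/ {print $1}'
}

teardown_signing_keychain() {
  security delete-keychain "$KEYCHAIN_PATH"
}

# Usage on the CI host (assumed file name):
#   sh ci-sign-setup.sh setup ; codesign ... ; sh ci-sign-setup.sh teardown
case "${1:-}" in
  setup)
    setup_signing_keychain "$P12_PATH" "$P12_PASSWORD" "$CI_KEYCHAIN_PASSWORD"
    n="$(count_codesigning_identities)"
    [ "${n:-0}" -ge 1 ] || { echo "import succeeded but no valid identity; check the cert chain and expiry" >&2; exit 1; }
    echo "ready: $n valid code signing identities in $KEYCHAIN_PATH" ;;
  teardown) teardown_signing_keychain ;;
esac
```

Two caveats for a shared runner: `security import -P` and `create-keychain -p` put the passwords on the command line, where any local process can read them from the process list for the duration of the call, so prefer ephemeral runners and make sure the CI log does not echo the commands; and run the teardown step unconditionally (for example in an `always` or `post` stage) so the private key does not outlive the job. If `find-identity` still reports 0 valid identities after a clean import, the usual causes are an expired certificate or a missing intermediate (the Developer ID CA certificate), not the import itself.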