30

Can someone tell me and maybe link to literature which describes it, where are the digital certificates storage location on Mac OS X? I know I could access the certificates with the “Keychain” application. But where are the certificates stored on the disk? Under Linux they are for example under /etc/ssl/certs but under Mac OS X they are no certificates in this folder.

I read something about that the certificates are stored in a “Keychain File?” Is this right? If yes, could someone explain me the technical details on it.

If someone has detailed literature of this stuff, would be helpfull to link them here. thanks!

Giacomo1968
  • 58,727
Opa114
  • 461

1 Answers1

21

Where are the digital certificates storage location on Mac OS X

Apple's Mac OS X includes a built-in key and password manager, Keychain, which stores user passwords, user and server certificates, and keys.

Source Certificate and Key Management in Mac OS X (Link no longer available)

Where is the Keychain data stored?

The keychain data is stored in ~/Library/Keychains/, /Library/Keychains/, and /Network/Library/Keychains/.

The first location is where my personal keychain is stored. To access their data, I need the Keychain Utility located in the Utilities folder in the Applications folder.

I like using spotlight to access the Keychain Utility as it only takes a few keys to get there – click on the spotlight icon in the top right corner and type “keychain”. Spotlight is quick and will predict what you are looking for and get it on top of the search quickly, so you don’t even need to type the whole word. Once you open it, you have access to your Keychain.

Understanding Local Keychain Files

I will briefly explain the purpose of the most important files in these directories.

/Users/${OS_USERNAME}/Library/Keychains/login.keychain-db – This keychain is created when your user account in Mac OS X is created and normally has its password synchronised with your login password. It is unlocked at login and locked a logout. This is where most of your passwords will end up in. Its password is changed when you change your login password or using the Keychain Access utility.

/Users/${OS_USERNAME}/Library/Keychains/${HARDWARE_UUID}/ – UUID stands for Universally Unique Identifier and this value is unique to your device. In the Keychain Access app, it appears as “Local Items” and is where your iCloud keychain is stored, when the service is enabled. The iCloud keychain service allows passwords and other types of data from it to be synchronised with your other Apple devices like you iPad, iPhone or another Mac. The only requirements are that all these devices are using the same Apple ID account, and the OS supports the iCloud keychain service (Mac OS X 10.9 and above, iOS 7.0.3 and above).

/Library/Keychains/System.keychain – The System keychain stores items that are accessed by the OS and shared between users, for example, to allow everyone on the Mac to be able to connect to a WiFi network. Only administrators can change its content.

/Library/Keychains/FileVaultMaster.keychain – This file is created by the system when FileVault encryption service is enabled on your Mac. The OS manages its content.

/System/Library/Keychains/ – This is another location that can store loads of keychain files. Its content is managed by the system and other applications. Most of them will not appear in the Keychain Access utility however, all users benefit from it.

Source Understanding the Mac OS X Keychain (Link updated) by Ivaylo Mihaylov

Further Reading

clausavram
  • 103
DavidPostill
  • 162,382