Mac Tutorials - Herong's Tutorial Examples - v3.08, by Herong Yang
Keychain File Locations on macOS
This section provides a tutorial example on how to find Keychain file locations on macOS computers.
Keychain is a great tool to manage certificates on Mac computers. Normally you don't need to know those certificates are stored and where they are stored.
Most PKI-based applications designed to run on Mac computers knows how to access certificate managed by Keychain. Safari Web browser is a good example.
If you really want to know where Keychain files are stored on your Mac computer, here some guidelines to help you finding them:
1. Certificates in "login" Keychain - login.keychain-db stored in ~/Library/Keychains/ in your home directory.
herong$ sudo ls -l ~/Library/Keychains/ drwx------ 11 herong staff 374 1EE865BD-E71B-57E4-8E7D-BD7119D2B5BB -rw-r--r-- 1 herong staff 30272 Test.keychain-db -rw-r--r--@ 1 herong staff 499876 login.keychain-db -rw-r--r-- 1 herong staff 354188 login.keychain-db.sb-9e03cdb4-HH8NvQ -rw------- 1 herong staff 154336 metadata.keychain-db
2. Certificate in "System" Keychain - System.keychain stored in the /Library/Keychains/ directory.
herong$ sudo ls -l /Library/Keychains -r--r--r--@ 1 root wheel 0 .fl043D1EDD -r--r--r-- 1 root wheel 0 .fl947E1BDB -rw-r--r-- 1 root wheel 88664 System.keychain -rw-r--r--@ 1 root wheel 65944 apsd.keychain
3. Certificate in "System Roots" Keychain - SystemRootCertificates.keychain stored in the /System/Library/Keychains/ directory.
herong$ sudo ls -l /System/Library/Keychains/ -rw-r--r-- 1 root wheel 6814 EVRoots.plist -rw-r--r-- 1 root wheel 385940 SystemRootCertificates.keychain -rw-r--r-- 1 root wheel 91756 SystemTrustSettings.plist -rw-r--r-- 1 root wheel 282984 X509Anchors
However, some PKI-based applications are designed to run on the Linux system that supports the Mac computer. They do not use certificates that are managed by keychain. See the next tutorial for examples.
Table of Contents
Macintosh OS (Operating System) History
System and Application Processes
Keychain Access - Password Manager
►Keychain Access - Certificate Manager
Using Keychain Access as Certificate Manager
Listing of Trusted Root CA in macOS
Exporting Root Certificate to File from macOS
Delete/Untrust Certificates from macOS
Import Server Certificates to macOS
Create My Own Root CA on macOS
Review My Root CA Certificate on macOS
Review Private Key of My CA Certificate on macOS
Generate CSR (Certificate Signing Request) on macOS
Issue New Certificate with My CA on macOS
Verify Certificate Signed by My CA on macOS
Manage Keychains with Commands
►Keychain File Locations on macOS
CA Certificates at "/etc/ssl | /private/etc/ssl"