Where are digital certificates actually stored on Mac OS X computers?


Opa114

Can someone tell me, maybe with a link to the literature describing it, where digital certificates are stored on Mac OS X? I know that I can access the certificates using the "Keychain" app. But where are the certificates stored on disk? For example, under Linux they are under /etc/ssl/certs, but under Mac OS X there is no certificate in this folder.

I read something about certificates being stored in a "keychain file". Is this correct? If yes, can someone explain the technical details of it to me?

If anyone has detailed documentation on these things, it would be helpful to link them here. Thanks!

David Postiel

Where are digital certificates stored on Mac OS X

Apple's Mac OS X includes a built-in key and password manager, Keychain, for storing user passwords, user and server certificates, and keys.

Source: Certificate and Key Management in Mac OS X


Where is the keychain data stored?

Keychain data is stored in ~/Library/Keychains/, /Library/Keychains/ and /Network/Library/Keychains/.

The first location is where my personal keychain is stored. To access their data, I need the Keychain Utility located in the Utilities folder in the Applications folder.

I like using Spotlight to access the Keychain Utility because it only takes a few keys to get there – click the Spotlight icon in the top right corner and type 'keychain'. Spotlight is fast, predicting what you're looking for and quickly putting it at the top of search results, so you don't even need to type an entire word. Once you open it, you can access your keychain.

Understanding local keychain files

I will briefly explain the purpose of the most important files in these directories.

/Users//Library/Keychains/login.keychain – This keychain is created when you create a user account in Mac OS X, and usually its password is synced with your login password. It's unlocked on login and locked on logout. This is the final entry point for most of your passwords. When you change your login password or use the Keychain Access utility, its password also changes.

/Users//Library/Keychains/ – UUID stands for Unique User ID – This identifier does not match your OS UUID. It is created when the account is created. This is where your iCloud Keychain is stored, but if the service isn't enabled, it will show up as "Local Items" and be renamed to "iCloud" when the service is enabled. The iCloud Keychain service allows its passwords and other types of data to be synced with your other Apple devices such as an iPad, iPhone, or other Mac. The only requirements are that all these devices use the same Apple ID account and that the operating system supports the iCloud Keychain service (Mac OS X 10.9 and above, iOS 7.0.3 and above).

/Library/Keychains/System.keychain – The system keychain stores items that the operating system can access and share among users, for example, allowing everyone on the Mac to connect to a WiFi network. Only administrators can change its content.

/Library/Keychains/FileVaultMaster.keychain – The file is created by the system after the FileVault encryption service is enabled on the Mac. The operating system manages its content.

/System/Library/Keychains/ – This is another location where you can store payloads of keychain files. Its content is managed by the system and other applications. Most of them will not appear in the Keychain Access utility, however, all users will benefit from it.

Source: Understanding Ivaylo Mihaylov's Mac OS X Keychain
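
An inventory script for the locations listed in the answer above, as an added example that is not part of the original answer or its sources: it lists the keychain files in each directory and, on macOS, counts the certificates each one holds using security find-certificate. KEYCHAIN_ROOT is a hypothetical variable introduced here, and the .keychain-db suffix is an addition for newer macOS releases that the page does not mention.

```sh
#!/bin/sh
# Added example, not from the original answer.
# KEYCHAIN_ROOT is a hypothetical prefix used only to scan a copied or test
# tree; leave it empty to scan the live system.
KEYCHAIN_ROOT="${KEYCHAIN_ROOT:-}"
TAB="$(printf '\t')"

# The four directories named in the answer, tagged by who the items serve.
keychain_dirs() {
    printf '%s\t%s\n' \
        user    "$KEYCHAIN_ROOT$HOME/Library/Keychains" \
        system  "$KEYCHAIN_ROOT/Library/Keychains" \
        network "$KEYCHAIN_ROOT/Network/Library/Keychains" \
        os      "$KEYCHAIN_ROOT/System/Library/Keychains"
}

# Print "scope<TAB>path" for each keychain file. Matches the legacy
# .keychain suffix used on the page and the .keychain-db suffix of newer
# macOS releases; directories that do not exist are skipped.
list_keychains() {
    keychain_dirs | while IFS="$TAB" read -r scope dir; do
        [ -d "$dir" ] || continue
        find "$dir" -maxdepth 1 -type f \
            \( -name '*.keychain' -o -name '*.keychain-db' \) 2>/dev/null |
            sort | awk -v s="$scope" '{ print s "\t" $0 }'
    done
}

# Count PEM certificate blocks on stdin (prints 0 when there are none).
count_pem_certs() {
    grep -c -e '-----BEGIN CERTIFICATE-----' || true
}

# Print "scope<TAB>certs<TAB>path". `security find-certificate -a -p FILE`
# writes every certificate in FILE as PEM; the tool exists only on macOS,
# so the count is reported as n/a elsewhere.
cert_inventory() {
    list_keychains | while IFS="$TAB" read -r scope path; do
        if command -v security >/dev/null 2>&1; then
            n=$(security find-certificate -a -p "$path" 2>/dev/null </dev/null |
                count_pem_certs)
        else
            n="n/a"
        fi
        printf '%s\t%s\t%s\n' "$scope" "$n" "$path"
    done
}

cert_inventory
```

Comparing this output across machines or over time shows when a certificate has been added to a shared keychain such as System.keychain, which only administrators can change.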

