Digital certificates on OS X and iOS

In the instructions below, I use as an example SAP Service Marketplace in order to generate and install a client certificate.

Single Sign-On (SSO) with an SAP Passport allows access to several portals within the SAP Service Marketplace, without having to enter your user ID and password. SAP Passport is a digital client certificate that provides hassle-free single-sign on access without the need to log in each time.

In order to access SAP Service Marketplace on OS X (through Apple Safari or Google Chrome) or iOS, you need a certificate in PKCS #12 format.

PKCS #12, the Personal Information Exchange Syntax Standard, defines a file format that is used to store private keys with accompanying public key certificates, protected with a password-based symmetric key. PFX is a predecessor to PKCS #12.

An easy way to export certificates in PKCS #12 format, is through Mozilla Firefox in a Microsoft Windows or Apple OS X system.

  1. Download Mozilla Firefox (for Microsoft Windows or OS X).
  2. Apply for an SAP Passport, through Mozilla Firefox, in order to create a certificate.
  3. Export the certificate (.p12 extension) for your user ID, through Mozilla Firefox, by navigating to:
    Options → Advanced → Encryption → View certificates
    Then, select the certificate and click on “Backup…“.
    You can now (optionally) uninstall Mozilla Firefox.

In OS X:

  • Open Keychain Access by typing “Keychain Access” on the Spotlight and import the certificate to your “login” keychain by navigating to File → Import Items.
  • You can now open SAP Service Marketplace, either through Apple Safari or Google Chrome, and choose your certificate when prompted.

    Safari - certificates window

  • In case the message “Mac OS X wants to make changes. Type an administrator’s name and password to allow this. Mac OS X wants to use the “System” keychain.” is displayed upon choosing your certificate, reset the default keychain. Open Keychain Access, as previously, and navigate to Preferences → General → Reset. Finally, restart your system.


  • You can now open SAP Service Marketplace using the installed certificate.
In iOS: