Yes, the user manually adds the cert & private key to the Keychain Access app (more specifically, the login keychain) and we are trying to extract the cert and the private key data from there.

Hi, were you able to retrieve the key? We are running into a similar issue.

Thank you for the information Quinn. We plan to pass the extracted private key data to an openssl API. We were able to actually get the data back by using the "SecItemExport" with a placeholder password. However, "SecItemExport" seems to return the private key without a -25260 error only if we use "SecExternalFormat.formatWrappedPKCS8" or "SecExternalFormat.formatPKCS12". Do you know if there is anyway for us to get a PEM formatted or PKCS1 key back?

Yes, we are trying to run a connection with certificate authentication.

We need OpenSSL because we are trying to use OpenVPN protocol.

OK, I’m going to presume you mean “because that’s what our existing OpenVPN implementation uses.” OpenVPN is a protocol and, while that protocol is based on TLS, it does not require that you to use one specific TLS implementation. Right? You are correct, that's what our existing implementation uses. Thank you for your response Quinn! We will look more into the 3 choices.