XPost: comp.sys.mac.system, sci.crypt, alt.comp.os.windows-11   
   From: none@example.net   
      
   So I created a .mobileconfig profile for my IKEv2 VPN that uses certificate-   
   based authentication. This is necessary because macOS does not expose any   
   user interface options to specify algorithm proposals. The profile contains   
   the certificate chain, as well as my user certificate. I was getting an error   
   when trying to install it on macOS 26:   
      
   "Profile installation failed."   
      
   "The certificate could not be verified (authentication error)."   
      
   I also noticed that after double clicking the .mobileconfig file, the dialog   
   prompt ('Are you sure you want to install this profile?') didn't show my user   
   certificate's Common Name.   
      
   This error occurs because the .pfx file containing my user certificate was   
   using (according to OpenSSL):   
      
   'PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256'.   
      
   If the .pfx file uses the deprecated 'pbeWithSHA1And3-KeyTripleDES-CBC,   
   Iteration 2000' algorithms, the profile will be read and imported   
   successfully on macOS 26. Windows 11 was used to generate the .pfx files.   
   Interestingly, this error did not occur with iOS 26. It looks like the MDM   
   code in macOS needs to be fixed to support the newer algorithms.   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)