• More fun with PKCS-12 files. This time with macOS 26 and MDM!

    From Anonymous@none@example.net to comp.sys.mac.system,sci.crypt,comp.misc,alt.comp.os.windows-11 on Mon Oct 27 21:29:07 2025
    From Newsgroup: comp.sys.mac.system

    So I created a .mobileconfig profile for my IKEv2 VPN that uses certificate-based authentication. This is necessary because macOS does not expose any user interface options to specify algorithm proposals. The profile contains the certificate chain, as well as my user certificate. I was getting an error when trying to install it on macOS 26:

    "Profile installation failed."

    "The certificate could not be verified (authentication error)."

    I also noticed that after double clicking the .mobileconfig file, the dialog prompt ('Are you sure you want to install this profile?') didn't show my user certificate's Common Name.

    This error occurs because the .pfx file containing my user certificate was using (according to OpenSSL):

    'PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256'.

    If the .pfx file uses the deprecated 'pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2000' algorithms, the profile will be read and imported
    successfully on macOS 26. Windows 11 was used to generate the .pfx files. Interestingly, this error did not occur with iOS 26. It looks like the MDM
    code in macOS needs to be fixed to support the newer algorithms.
    --- Synchronet 3.21a-Linux NewsLink 1.2
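
A dependency-free preflight check for the situation in the first post, added here as an example (not code from the thread): it walks a DER-encoded PKCS#12 and lists which of the algorithms named in the post the file declares, so a .pfx can be checked before it is embedded in a .mobileconfig. The function name, the `tlv` helper and both sample blobs are constructed for illustration, and the walker assumes definite-length DER with single-byte tags.

```python
# Added example, not from the thread. OID bodies are the DER encodings of the
# algorithms named in the post (dotted forms: RFC 7292 / RFC 8018 / NIST).
KNOWN_OIDS = {
    bytes.fromhex("2a864886f70d010c0103"): "pbeWithSHA1And3-KeyTripleDES-CBC",
    bytes.fromhex("2a864886f70d01050d"): "PBES2",
    bytes.fromhex("2a864886f70d01050c"): "PBKDF2",
    bytes.fromhex("60864801650304012a"): "AES-256-CBC",
    bytes.fromhex("2a864886f70d0209"): "hmacWithSHA256",
}

def pbe_algorithms(data):
    """Known algorithm names found in a run of DER TLVs, in file order."""
    found, i = [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated TLV header")
        tag, first = data[i], data[i + 1]
        i, length = i + 2, first
        if first & 0x80:  # long-form length: low 7 bits give the byte count
            n = first & 0x7F
            length, i = int.from_bytes(data[i:i + n], "big"), i + n
        if first == 0x80 or i + length > len(data):
            raise ValueError("indefinite (BER) or truncated length")
        body, i = data[i:i + length], i + length
        if tag == 0x06 and body in KNOWN_OIDS:
            found.append(KNOWN_OIDS[body])
        elif tag & 0x20:  # constructed: SEQUENCE, SET, [0] ...
            found += pbe_algorithms(body)
        elif tag == 0x04:  # OCTET STRING may wrap nested DER (authSafe, SafeContents)
            try:
                found += pbe_algorithms(body)
            except ValueError:
                pass  # salt, IV or ciphertext: not DER, ignore
    return found

def tlv(tag, *parts):  # short-form DER encoder, only for the constructed samples
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body

OID = {name: tlv(0x06, raw) for raw, name in KNOWN_OIDS.items()}
# Constructed samples: an encrypted-key structure wrapped in an OCTET STRING.
SAMPLE_PBES2 = tlv(0x04, tlv(0x30, tlv(0x30, OID["PBES2"], tlv(0x30,
    tlv(0x30, OID["PBKDF2"], tlv(0x30, tlv(0x04, bytes(range(1, 9))),
        tlv(0x02, b"\x08\x00"), tlv(0x30, OID["hmacWithSHA256"], tlv(0x05)))),
    tlv(0x30, OID["AES-256-CBC"], tlv(0x04, b"\xff" * 16)))),
    tlv(0x04, b"\xff" * 8)))
SAMPLE_3DES = tlv(0x04, tlv(0x30, tlv(0x30, OID["pbeWithSHA1And3-KeyTripleDES-CBC"],
    tlv(0x30, tlv(0x04, bytes(range(1, 9))), tlv(0x02, b"\x07\xd0"))),
    tlv(0x04, b"\xff" * 8)))
```

For a real file, pass the bytes of the .pfx to `pbe_algorithms`; names typically repeat because the key bag and the certificate bag each carry their own algorithm identifier.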
  • From Lawrence D’Oliveiro@ldo@nz.invalid to comp.sys.mac.system,sci.crypt,comp.misc,alt.comp.os.windows-11 on Tue Oct 28 03:16:12 2025
    From Newsgroup: comp.sys.mac.system

    On Mon, 27 Oct 2025 21:29:07 -0400, Anonymous wrote:

    > It looks like the MDM code in macOS needs to be fixed to support the
    > newer algorithms.

    Presumably they’re not writing their own code, they’re using some open-source library. And as is all too common among proprietary vendors, they
    are using some old, obsolete version of that library.