Reply to Unable to test ACME payload
@maraino Yes, we would be happy to collaborate on this. To summarize, the ACME profile only works:
i) if the device attestation is set to True.
ii) if there's no Common Name present in the Subject of the CSR.
We get the error below if we provide a CN.
CSR names do not match identifiers exactly: CSR names = [test], Order names = []
We would like to understand how the "Client Identifier" will fit into this picture. Apologies for not getting back immediately. Thanks in advance.
Oct ’22
Reply to Unable to test ACME payload
@Achipl Please see my answer below. Apologies for the delay. Didn't log in for a long time.
Oct ’22
Reply to Unable to test ACME payload
The step-ca demo server I was using didn't issue a Client Certificate if the Attest is set to false. The ACME payload below is verified to be working in iOS.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>PayloadVersion</key>
    <integer>1</integer>
    <key>PayloadUUID</key>
    <string>70e4b45e3c1e</string>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadOrganization</key>
    <string>NewComp</string>
    <key>PayloadIdentifier</key>
    <string>4565353a3a84</string>
    <key>PayloadDisplayName</key>
    <string>ACME</string>
    <key>PayloadRemovalDisallowed</key>
    <true/>
    <key>PayloadContent</key>
    <array>
        <dict>
            <key>PayloadVersion</key>
            <integer>1</integer>
            <key>PayloadUUID</key>
            <string>f84ef110e39b</string>
            <key>PayloadType</key>
            <string>com.apple.security.acme</string>
            <key>PayloadOrganization</key>
            <string>NewComp</string>
            <key>PayloadIdentifier</key>
            <string>f84ef110e39b</string>
            <key>PayloadDisplayName</key>
            <string>ACME Configuration</string>
            <key>DirectoryURL</key>
            <string>https://acmeserver/acme/acme/directory</string>
            <key>ClientIdentifier</key>
            <string>test</string>
            <key>HardwareBound</key>
            <true/>
            <key>KeyType</key>
            <string>ECSECPrimeRandom</string>
            <key>KeySize</key>
            <integer>384</integer>
            <key>Subject</key>
            <array>
                <array>
                    <array>
                        <string>1.2.840.113549.1.9.1</string>
                        <string>test@test.com</string>
                    </array>
                </array>
            </array>
            <key>SubjectAltName</key>
            <dict>
            </dict>
            <key>KeyUsage</key>
            <integer>5</integer>
            <key>Attest</key>
            <true/>
        </dict>
    </array>
</dict>
</plist>
```
Oct ’22
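A pre-deployment check for the two conditions reported in the posts above, as an added example that is not part of the original thread or of Apple's or step-ca's code. The function name `lint_acme_profile` and the sample profile are constructed for illustration, and the two rules encode only what the poster observed against their step-ca demo server, not a general ACME requirement.

```python
import plistlib

ACME_TYPE = "com.apple.security.acme"
CN_NAMES = {"2.5.4.3", "CN"}  # commonName as dotted OID or short name

# Constructed sample: shaped like the profile in the post, but with a
# Common Name added to the Subject and Attest switched off.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadContent</key><array><dict>
    <key>PayloadType</key><string>com.apple.security.acme</string>
    <key>ClientIdentifier</key><string>test</string>
    <key>Subject</key><array>
      <array><array><string>CN</string><string>test</string></array></array>
      <array><array><string>1.2.840.113549.1.9.1</string>
                    <string>test@test.com</string></array></array>
    </array>
    <key>Attest</key><false/>
  </dict></array>
</dict></plist>"""


def subject_attrs(subject):
    """Flatten Subject: a list of RDNs, each a list of [name, value] pairs."""
    return [(p[0], p[1]) for rdn in subject or [] for p in rdn if len(p) == 2]


def lint_acme_profile(data: bytes):
    """Return findings for every ACME payload inside a configuration profile."""
    findings = []
    for payload in plistlib.loads(data).get("PayloadContent", []):
        if payload.get("PayloadType") != ACME_TYPE:
            continue
        # Observation i): no certificate was issued unless Attest was true.
        if payload.get("Attest", False) is not True:
            findings.append("Attest is not true")
        # Observation ii): a CN in the Subject led to the CA error
        # "CSR names do not match identifiers exactly".
        for name, value in subject_attrs(payload.get("Subject")):
            if name in CN_NAMES:
                findings.append(f"Subject contains a Common Name: {value!r}")
    return findings


if __name__ == "__main__":
    for finding in lint_acme_profile(SAMPLE):
        print("FINDING:", finding)
```
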
Reply to MDM Identity Certificate Not Found in KeyChain
Feedback raised: FB11736735
Oct ’22
Reply to ACME Certificate Key Size is displayed as 0
Feedback ID: FB11467655
Sep ’22
Reply to Multiple SAN for ACMECertificate payload
Feedback ID: FB11467644
Sep ’22
Reply to Custom App(B2B) not installing in a macOS device - Invalid Status Code Error
Raised a feedback in Feedback Assistant portal. FB11292074. Kindly help us on this issue.
Aug ’22
Reply to System crashes on updating guided access enabled app
#FB10039162 Raised to Apple Feedback. I am not able to upload the sysdiagnose logs here. But I have it in Apple Feedback.
Jul ’22
Reply to Once I have a DataFilterExtension how do I begin the filtering?
Can you help me with this question? Will Content Filter Providers work only in Enterprise / Development versions, and not in App Store / TestFlight versions? Can anyone confirm this behaviour?
Jun ’22