Reply to API: SecPKCS12Import; error code: -25264; error message: MAC verification failed during PKCS12 import (wrong password?)
Thanks for all the input.

Conclusion: From macOS 15, the SecPKCS12Import API supports import for pfx certificates with modern algos (especially SHA256 for MAC in this case). For macOS <15, the only ways to achieve this are to convert the pfx cert to a legacy format (sample code linked in first message) or implement your own pkcs#12 parsing algo.

Follow-up Question: Are there any native APIs (under Security.framework) that can achieve the pfx cert conversion to legacy format as done in the sample code I have shared? If so, I would highly appreciate it if you can share references or sample code to achieve the same.

[quote='835417022, DTS Engineer, /thread/779466?answerId=835417022#835417022']
I recommend that you file a bug against the tool. Please post your bug number, just for the record.
[/quote]

Bug filed. Ref: FB17330275
Topic: Privacy & Security SubTopic: General Tags:
Apr ’25
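To see which MAC digest a given .p12 carries before handing it to SecPKCS12Import, the outer PFX structure can be read directly. This is an added example, not code from the thread or from Apple; it assumes a definite-length DER file, and the function names and the constructed sample are hypothetical.

```python
MAC_DIGESTS = {  # added example: DER content bytes of the digest OID -> name
    bytes.fromhex("2b0e03021a"): "SHA-1",            # 1.3.14.3.2.26
    bytes.fromhex("608648016503040201"): "SHA-256",  # 2.16.840.1.101.3.4.2.1
}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("indefinite or oversized length, not plain DER")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated element")
    return tag, pos, pos + length

def children(buf, start, end):
    """List the (tag, value_start, value_end) elements inside one value."""
    items = []
    while start < end:
        items.append(read_tlv(buf, start))
        start = items[-1][2]
    return items

def pkcs12_mac_digest(der):
    """Digest name (or OID bytes as hex) of the PFX MAC; None without macData."""
    tag, start, end = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("PFX must be a SEQUENCE")
    pfx = children(der, start, end)  # version, authSafe, optional macData
    if len(pfx) < 3:
        return None
    digest_info = children(der, pfx[2][1], pfx[2][2])[0]  # MacData.mac
    alg_id = children(der, digest_info[1], digest_info[2])[0]
    _, oid_start, oid_end = children(der, alg_id[1], alg_id[2])[0]
    oid = bytes(der[oid_start:oid_end])
    return MAC_DIGESTS.get(oid, oid.hex())

def tlv(tag, body):
    return bytes([tag, len(body)]) + body  # short-form length, sample data only

def sample_pfx(oid_hex):
    """Constructed PFX skeleton (dummy digest and salt), not a usable keystore."""
    alg = tlv(0x30, tlv(0x06, bytes.fromhex(oid_hex)) + b"\x05\x00")
    mac = tlv(0x30, tlv(0x30, alg + tlv(0x04, b"\0" * 4))
              + tlv(0x04, b"salt") + tlv(0x02, b"\x08\x00"))
    auth_safe = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010701")))
    return tlv(0x30, tlv(0x02, b"\x03") + auth_safe + mac)
```

On a real file, call `pkcs12_mac_digest(open(path, "rb").read())`; files that use BER indefinite lengths are rejected with `ValueError` rather than guessed at.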
Reply to API: SecPKCS12Import; error code: -25264; error message: MAC verification failed during PKCS12 import (wrong password?)
Thanks for the response. I had similar observations today while trying the following:

When I drag and drop the p12 cert in question into login keychain and provide the password, I was able to import the cert.

I've written a similar sample code for macOS and tried importing the p12 cert in question. I was able to import the cert there as well.

I believe the issue comes when using the CLI command. Please verify this on your end as well.

Additional question: Will the macOS < 15 systems support the new algos in future?
Topic: Privacy & Security SubTopic: General Tags:
Apr ’25
Reply to API: SecPKCS12Import; error code: -25264; error message: MAC verification failed during PKCS12 import (wrong password?)
[quote='833152022, DTS Engineer, /thread/779466?answerId=833152022#833152022']
macOS 15 introduced support for a bunch of new algorithms that should allow you to import modern OpenSSL PKCS#12 files. See this thread for details [1].
[/quote]

I'm unable to import the p12 cert with latest algos using security CLI on macOS 15.

$sw_vers
ProductName: macOS
ProductVersion: 15.4
BuildVersion: 24E5238a

$security import ~/Downloads/modern_certificate.p12 -k ~/Library/Keychains/login.keychain -P "export"
security: SecKeychainItemImport: MAC verification failed during PKCS12 import (wrong password?)

$security import ~/Downloads/legacy_certificate.p12 -k ~/Library/Keychains/login.keychain -P "export"
1 identity imported.

Here, "modern_certificate.p12" consists of the latest algos and "legacy_certificate.p12" was regenerated from "modern_certificate.p12" with legacy algos.

PFA, the hexdump for both the p12 certificates.
modern_certificate_hex_dump.txt
legacy_certificate_hex_dump.txt
Topic: Privacy & Security SubTopic: General Tags:
Apr ’25
Reply to SecKeyCopyExternalRepresentation returns -25260
https://developer.apple.com/forums/thread/658107

The above-mentioned thread provides a solution to a similar issue. You can export the private key in encrypted PEM format with the flag kSecItemPemArmour and later decrypt it using OpenSSL APIs such as:

EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u);

Share and Enjoy — Subhash
Topic: App & System Services SubTopic: Core OS Tags:
Jan ’25