Hello,
I also stumbled on this issue recently with OpenSSL 3.X (3.0.5/3.0.8). After reading about the broken support between OpenSSL 3.X and the Apple security APIs, I got this to work by creating the P12 bundle in line with the Apple API specs. The following is the snippet from my C code that creates the PKCS12 bundle:
Note: You will first need to have the legacy provider module in place (either as a dynamic module, or statically linked into the OpenSSL libs by using the "no-shared" & "no-modules" configure options).
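/*
 * Serialize a private key, its certificate and an optional CA chain into a
 * DER-encoded PKCS#12 bundle that the Apple Security framework will import.
 *
 * OpenSSL 3.x defaults PKCS#12 to algorithms the Apple keychain importers do
 * not accept, so this deliberately selects the pre-3.0 ones (3DES for the key
 * bag, 40-bit RC2 for the certificate bags, SHA-1 for the MAC). RC2 lives in
 * OpenSSL's "legacy" provider, which must be present as a loadable module or
 * statically linked; the function fails otherwise. These are weak algorithms:
 * the bundle's confidentiality rests mainly on the strength of PassPhrase.
 *
 * Requires <openssl/pkcs12.h>, <openssl/provider.h> and <openssl/err.h>.
 *
 * PassPhrase    NUL-terminated password for both the bag encryption and the
 *               integrity MAC. Must not be NULL.
 * FriendlyName  label stored with the key/cert (may be NULL).
 * PrivateKey    key to bag; not freed here.
 * Cert          end-entity certificate for PrivateKey; not freed here.
 * CaCerts       extra certificates to include (may be NULL); not freed here.
 * outPKCS12     receives a calloc()-ed buffer with the DER bundle plus one
 *               trailing NUL byte; the caller owns it and must free() it.
 *               Set to NULL on failure.
 * outPKCS12Len  receives the DER length in bytes (0 on failure).
 *
 * Returns 1 on success, 0 on failure (a one-line reason is printed).
 */
int GeneratePKCS12(char* PassPhrase, char* FriendlyName, EVP_PKEY* PrivateKey, X509* Cert, STACK_OF(X509)* CaCerts, char** outPKCS12, int *outPKCS12Len)
{
    int rc = 0;
    OSSL_PROVIDER *legacy = NULL;
    OSSL_PROVIDER *deflt = NULL;
    PKCS12 *p12 = NULL;
    BIO *memBio = NULL;
    char *der = NULL;
    int derLen = 0;

    if (outPKCS12 == NULL || outPKCS12Len == NULL || PassPhrase == NULL ||
        PrivateKey == NULL || Cert == NULL) {
        printf("Failed to create P12 - invalid argument\n");
        return 0;
    }
    *outPKCS12 = NULL;
    *outPKCS12Len = 0;

    /* Explicitly loading any provider disables OpenSSL's implicit loading of
     * the default provider, so "default" has to be requested alongside
     * "legacy" or every non-legacy algorithm disappears. */
    legacy = OSSL_PROVIDER_load(NULL, "legacy");
    deflt = OSSL_PROVIDER_load(NULL, "default");
    if (legacy == NULL || deflt == NULL) {
        char buf[256];
        ERR_error_string_n(ERR_get_error(), buf, sizeof buf);
        printf("Failed to load provider - %s\n", buf);
        goto out;
    }

    /* mac_iter = -1: no MAC here; PKCS12_set_mac() below adds it with an
     * explicit SHA-1 digest, which is what the Apple importer expects. */
    p12 = PKCS12_create_ex(PassPhrase, FriendlyName, PrivateKey, Cert, CaCerts,
                           NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
                           NID_pbe_WithSHA1And40BitRC2_CBC,
                           PKCS12_DEFAULT_ITER, -1, 0, NULL, NULL);
    if (p12 == NULL) {
        printf("Failed to create P12 \n");
        goto out;
    }

    /* NOTE(review): the MAC iteration count of 1 is kept from the original
     * snippet; raising it to PKCS12_DEFAULT_ITER hardens the integrity check
     * at no cost — confirm the target importer accepts it before changing. */
    if (PKCS12_set_mac(p12, PassPhrase, (int)strlen(PassPhrase), NULL, 0, 1,
                       EVP_sha1()) != 1) {
        printf("Failed to add P12 mac\n");
        goto out;
    }

    memBio = BIO_new(BIO_s_mem());
    if (memBio == NULL || i2d_PKCS12_bio(memBio, p12) != 1) {
        printf("Failed to encode P12\n");
        goto out;
    }

    derLen = BIO_pending(memBio);
    if (derLen <= 0) {
        printf("Failed to encode P12\n");
        goto out;
    }
    /* +1 keeps a trailing NUL so a caller treating the buffer as a string
     * cannot run off the end; the reported length excludes it. */
    der = calloc(1, (size_t)derLen + 1);
    if (der == NULL) {
        printf("Failed to allocate P12 buffer\n");
        goto out;
    }
    if (BIO_read(memBio, der, derLen) != derLen) {
        printf("Failed to read P12 from BIO\n");
        goto out;
    }

    *outPKCS12 = der;
    *outPKCS12Len = derLen;
    der = NULL;   /* ownership transferred to the caller */
    rc = 1;

out:
    free(der);            /* only non-NULL on a failure after allocation */
    BIO_free(memBio);
    PKCS12_free(p12);
    /* Drop the legacy provider again: nothing after this call needs RC2/3DES,
     * and leaving it active would let every other OpenSSL user in the process
     * negotiate those algorithms. The default provider is intentionally left
     * loaded, matching the original behaviour, because the explicit load above
     * disabled the implicit fallback for the rest of the process. */
    if (legacy != NULL) {
        OSSL_PROVIDER_unload(legacy);
    }
    return rc;
}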