Hello Quinn, Thank you for your response. I would like to know if there is any possible method to fetch or read certificates available on IOS system keychain from enterprise in-house app or not ? Our end goal is that the app requires the com.apple.managed-keychain entitlement to: Verify S/MIME certificate presence — confirm the MDM-pushed certificate has been successfully installed on the device keychain Read certificate expiry date — check the kSecAttrNotValidAfter attribute to determine validity and warn users of upcoming expiry Distinguish cert states — differentiate between a missing certificate, an expired certificate, and a valid certificate, in order to show the correct status and remediation action to the user If yes, kindly provide the details for further action.