Hi There,
I am the teammate of Cheng.
I found something weird here: when I use the command openssl pkcs12 -info -in <p12 Cert> on Linux to dump the cert file which we sent to you before, I get this:
$ openssl pkcs12 -info -in test.p12
Enter Import Password:
MAC: sha1, Iteration 100000
MAC length: 20, salt length: 20
PKCS7 Data
Shrouded Keybag: PBES2, PBKDF2, AES-256-CBC, Iteration 10000, PRF hmacWithSHA256
Bag Attributes
friendlyName: cast_nearby_client_auth
localKeyID: 54 69 6D 65 20 31 36 34 30 30 33 31 38 32 34 32 31 32
Key Attributes: <No Attributes>
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIxZdIjm+Omo0CAggA
...
DvpIBfgjs86tuXHOi4J4gBkTXOhYOKvuguXvtb8h8w33M/IOiB+KVziXBhW91LxA
K0AYFolhBd83xpekNYg5kQ==
-----END ENCRYPTED PRIVATE KEY-----
PKCS7 Encrypted data: PBES2, PBKDF2, AES-256-CBC, Iteration 10000, PRF hmacWithSHA256
Certificate bag
Bag Attributes
friendlyName: cast_nearby_client_auth
localKeyID: 54 69 6D 65 20 31 36 34 30 30 33 31 38 32 34 32 31 32
subject=CN = cast_nearby_client_auth
issuer=CN = cast_nearby_client_auth
-----BEGIN CERTIFICATE-----
MIIC/jCCAeagAwIBAgIIaFS1HFLdQrUwDQYJKoZIhvcNAQELBQAwIjEgMB4GA1UE
...
3BFewf6vISPnxGMb6ZHUrQJRv96Mtptx5lWdoTOcHC0J5Wgd0NedO3lYKBBixy32
U3U=
-----END CERTIFICATE-----
It seems to match the structure of the file test-openssl.p12, but when I move this file to my Mac and run the same command, I get the same result as you got.
Because our code hasn't been changed for a long time (~1 year) and it suddenly started failing around 9/23/2021, could you help check whether anything changed inside the SecPKCS12Import API (e.g. added more restrictions, started rejecting some kinds of structure), so that we may be able to figure out which part of our cert fails this API call? Currently we only know that it fails. Thank you for your help!
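
Added example, not part of the original post: a Python helper that reduces `openssl pkcs12 -info` text output to the MAC and per-bag encryption parameters, so the dumps of two .p12 files can be compared field by field. The first sample is the dump from the post with prompts, attributes and PEM bodies left out; the second is a constructed dump for a hypothetical other file; the names `summarize` and `differences` are introduced here.

```python
import re

# Lines of `openssl pkcs12 -info` output that carry algorithm parameters.
PARAM_LINE = re.compile(r"^(MAC|Shrouded Keybag|PKCS7 Encrypted data): (.+)$")

# The dump from the post, with prompts, attributes and PEM bodies left out.
LINUX_DUMP = """\
MAC: sha1, Iteration 100000
MAC length: 20, salt length: 20
PKCS7 Data
Shrouded Keybag: PBES2, PBKDF2, AES-256-CBC, Iteration 10000, PRF hmacWithSHA256
PKCS7 Encrypted data: PBES2, PBKDF2, AES-256-CBC, Iteration 10000, PRF hmacWithSHA256
"""

# Constructed dump for a hypothetical second file using older PKCS#12 PBE schemes.
OTHER_DUMP = """\
MAC: sha1, Iteration 2048
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048
"""

def summarize(dump):
    """Return [(label, scheme, iterations, other_params), ...] in file order."""
    rows = []
    for line in dump.splitlines():
        m = PARAM_LINE.match(line.strip())
        if not m:
            continue  # prompts, bag attributes, PEM text, the "MAC length" line
        label, rest = m.groups()
        fields = [f.strip() for f in rest.split(",")]
        iters = [int(f.split()[1]) for f in fields if f.startswith("Iteration ")]
        params = tuple(f for f in fields[1:] if not f.startswith("Iteration "))
        rows.append((label, fields[0], iters[0] if iters else None, params))
    return rows

def differences(dump_a, dump_b):
    """List (label, values_in_a, values_in_b) for each label whose parameters differ."""
    a, b = summarize(dump_a), summarize(dump_b)
    out = []
    for label in sorted({row[0] for row in a + b}):
        in_a = [row[1:] for row in a if row[0] == label]
        in_b = [row[1:] for row in b if row[0] == label]
        if in_a != in_b:
            out.append((label, in_a, in_b))
    return out

if __name__ == "__main__":
    for row in differences(LINUX_DUMP, OTHER_DUMP):
        print(row)
```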