Our product creates signed mobileconfig Profiles which install root certificates on MacOS devices (via a "com.apple.security.root" payload).
For MacOS versions prior to Ventura the resulting certificates on the end user MacOS device's were marked as "Always Trust" for SSL in the trust details seen in Keychain Access.
On MacOS Ventura the same setting for SSL for the CA certificate is shown as "no value specified" in the trust details of Keychain Access.
The "no value specified" seems to result in web servers presenting certs chained to the CA not being trusted, at least in Safari. Is there any Profile based option to specify the provided CA certificate should be trusted (equivalent of "Always Trust") for SSL on Ventura?
STEPS TO REPRODUCE:
1) Via a mobileconfig based Profile, install a CA certificate via a "com.apple.security.root" payload
2) Visit the resulting certificate entry in Keychain Access
3) Expand the "Trust" section/settings of the certificate
4a) Prior to MacOS Ventura all of the items such as "Secure Socket Layer (SSL)", "Secure Mail", etc were all marked as "Always Trust".
4b) In Ventura "Secure Socket Layer (SSL)" is marked as "no value specified" while all the other items are marked as "Always Trust"