Hi,
I've been working on a project that creates some configuration profiles (.mobileconfig) and I wanted to add signing support to make devices show the green checkmark when installing. The configuration profile contains a Web Clip and a Certificate (PEM).
When I use a certificate that is marked as a Certificate Authority in basicConstraints and the key used is RSA 2048 bits, the profile shows a root certificate warning and when installed, the profile shows up as verified successfully.
However, when using ECDSA P-256 for faster key generation, the profile does not show the root certificate warning and when installed it still shows up as unverified.
I manually checked the ASN.1 contents of both certificates and profiles and they're both exactly the same aside from the type of key they use.
Any idea why this happens?