Hi Kamil,

It has to be:
--8<---------------cut here---------------start------------->8---
openssl pkcs12 -export -legacy -inkey private/key -in cert -out cert.p12
--8<---------------cut here---------------end--------------->8---
and then the profile was installed correctly.

Note that `-legacy` is an option only available since OpenSSL 3. It causes the legacy crypto provider to get loaded, which makes RC2 and 3DES available and the latter the default algorithm to encrypt the private key. Without that option AES256-CBC is used instead and PBKDF2 replaces the legacy PKCS#12 KDF to derive the encryption key. Apple clients apparently only support the old PKCS#5 schemes.

I've added this to the known issues in the documentation [1].

Regards,
Tobias

[1] https://docs.strongswan.org/docs/5.9/interop/appleIkev2Profile.html#_known_issues
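
To check which scheme an existing `.p12` file uses, the following is an added example, not part of the original message or of the strongSwan documentation. It classifies the text printed by `openssl pkcs12 -info`; the function names are hypothetical and the two sample outputs are constructed, modeled on OpenSSL's output format.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Classifies the bag encryption
# reported by OpenSSL, fed on stdin, e.g.:
#   openssl pkcs12 -info -noout -legacy -in cert.p12 2>&1 | classify_p12_info
# (-info writes to stderr; -legacy lets OpenSSL 3 parse both kinds of file)
# Prints legacy | pbes2 | mixed | unknown; returns 0 only for "legacy".
classify_p12_info() {
    awk '
        /^(PKCS7 Encrypted data|Shrouded Keybag):/ {
            if ($0 ~ /PBES2/)               pbes2++    # PBKDF2 + AES etc.
            else if ($0 ~ /pbeWithSHA1And/) legacy++   # PKCS#12 KDF + RC2/3DES
            else                            other++
        }
        END {
            if (legacy && !pbes2 && !other) { print "legacy"; exit 0 }
            if (pbes2 && !legacy && !other) { print "pbes2";  exit 1 }
            if (legacy || pbes2 || other)   { print "mixed";  exit 1 }
            print "unknown"; exit 2
        }'
}

# Constructed sample: file exported with -legacy
sample_legacy() { cat <<'EOF'
MAC: sha1, Iteration 2048
MAC length: 20, salt length: 8
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Certificate bag
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048
EOF
}

# Constructed sample: file exported with OpenSSL 3 defaults
sample_default() { cat <<'EOF'
MAC: sha256, Iteration 2048
MAC length: 32, salt length: 8
PKCS7 Encrypted data: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256
Certificate bag
PKCS7 Data
Shrouded Keybag: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256
EOF
}

for s in sample_legacy sample_default; do
    printf '%s: %s\n' "$s" "$($s | classify_p12_info)"
done
```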
