Reply to SecPKCS12Import is failing to import P12 certificate.
I also reproduced the same error and I created my p12 file with "step certificate" command on Windows WSL. How can I tell if my issue has the same root cause and how to fix it?

This is how I created my certificates:

Create self-signed ca:

    --deployment-type standalone --name MqttAppSamplesCA --dns localhost --address 127.0.0.1:443 --provisioner MqttAppSamplesCAProvisioner

Create client crt and key files:

    --deployment-type standalone --name MqttAppSamplesCA --dns localhost --address 127.0.0.1:443 --provisioner MqttAppSamplesCAProvisioner

Create p12 file:

    step certificate p12 sample_client3.p12 sample_client3.pem sample_client3.key --password-file=password.txt

Call:

    let clientCertPath = Bundle.main.path(forResource: "sample_client3", ofType: "p12")
    // loadP12 is declared `throws`, so the call needs `try`
    let status = try loadP12(filename: clientCertPath!, password: password)

    public static func loadP12(filename: String, password: String) throws -> OSStatus {
        // Read the raw PKCS#12 blob from the app bundle
        let data = try Data(contentsOf: URL(fileURLWithPath: filename))
        let options: [String: String] = [kSecImportExportPassphrase as String: password]
        var rawItems: CFArray?
        // Return the OSStatus so the caller can inspect the import result
        return SecPKCS12Import(data as CFData, options as CFDictionary, &rawItems)
    }
Topic: App & System Services SubTopic: Core OS Tags:
3w
Reply to SecPKCS12Import is failing to import P12 certificate.
Sorry, there are some errors in my last post but I can't edit it. Re-posting it:

I also reproduced the same error and I created my p12 file with "step certificate" command on Windows WSL. How can I tell if my issue has the same root cause and how to fix it?

This is how I created my certificates:

Create self-signed ca:

    step ca init --deployment-type standalone --name MqttAppSamplesCA --dns localhost --address 127.0.0.1:443 --provisioner MqttAppSamplesCAProvisioner

Create client crt and key files:

    step certificate create sample_client3 sample_client3.pem sample_client3.key --ca ~/.step/certs/intermediate_ca.crt --ca-key ~/.step/secrets/intermediate_ca_key --no-password --insecure --not-after 2400h

Create p12 file:

    step certificate p12 sample_client3.p12 sample_client3.pem sample_client3.key --password-file=password.txt

Call SecPKCS12Import:

    let clientCertPath = Bundle.main.path(forResource: "sample_client3", ofType: "p12")
    // loadP12 is declared `throws`, so the call needs `try`
    let status = try loadP12(filename: clientCertPath!, password: password)

    public static func loadP12(filename: String, password: String) throws -> OSStatus {
        // Read the raw PKCS#12 blob from the app bundle
        let data = try Data(contentsOf: URL(fileURLWithPath: filename))
        let options: [String: String] = [kSecImportExportPassphrase as String: password]
        var rawItems: CFArray?
        // Return the OSStatus so the caller can inspect the import result
        return SecPKCS12Import(data as CFData, options as CFDictionary, &rawItems)
    }
Topic: App & System Services SubTopic: Core OS Tags:
3w
Reply to BoringSSL certificate verification failure when connecting to secure websocket on iOS
@vxdev I got similar debug logs:

    Trust failed: “DigiCert Global Root G3” certificate is not trusted
    boringssl_context_handle_fatal_alert(2072) [C1.1.1:1][0x103e54b50] write alert, level: fatal, description: certificate unknown
    boringssl_context_error_print(2062) [C1.1.1:1][0x103e54b50] Error: 4389557808:error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED:/Library/Caches/com.apple.xbs/Sources/boringssl_Sim/ssl/handshake.cc:419:
    boringssl_session_handshake_incomplete(210) [C1.1.1:1][0x103e54b50] SSL library error
    boringssl_session_handshake_error_print(44) [C1.1.1:1][0x103e54b50] Error: 4389557808:error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED:/Library/Caches/com.apple.xbs/Sources/boringssl_Sim/ssl/handshake.cc:419:
    nw_protocol_boringssl_handshake_negotiate_proceed(779) [C1.1.1:1][0x103e54b50] handshake failed at state 12288: not completed

Can you let me know how you get the console logs? I'd like to double check if we are running into the same issue.
3w