
iOS MDM enrollment fails in iOS 9 devices


This was previously working for iOS 7 and 8 devices, but now the enrollment fails for new iOS 9 devices. This is what I see in the device logs:

Oct 26 18:00:34 iPhone profiled[412] <Notice>: (Note ) MC: Enrolling in OTA Profile service...
Oct 26 18:00:35 iPhone profiled[412] <Error>:  SecTrustEvaluate  [leaf AnchorTrusted]
Oct 26 18:00:38 iPhone securityd[83] <Error>:  securityd_xpc_dictionary_handler profiled[412] add Error Domain=NSOSStatusErrorDomain Code=-25299 "duplicate item O,cert,159EFDE0,L,dku,com.apple.certificates,0,ctyp,cenc,labl,subj,issr,slnr,pkhh,v_Data,20151026123038.608026Z,7C914284" UserInfo={NSDescription=duplicate item O,cert,159EFDE0,L,dku,com.apple.certificates,0,ctyp,cenc,labl,subj,issr,slnr,pkhh,v_Data,20151026123038.608026Z,7C914284}
Oct 26 18:00:38 iPhone profiled[412] <Error>:  SecOSStatusWith error:[-25299] Error Domain=NSOSStatusErrorDomain Code=-25299 "duplicate item O,cert,159EFDE0,L,dku,com.apple.certificates,0,ctyp,cenc,labl,subj,issr,slnr,pkhh,v_Data,20151026123038.608026Z,7C914284" UserInfo={NSDescription=duplicate item O,cert,159EFDE0,L,dku,com.apple.certificates,0,ctyp,cenc,labl,subj,issr,slnr,pkhh,v_Data,20151026123038.608026Z,7C914284}
Oct 26 18:00:38 iPhone profiled[412] <Error>:  SecTrustEvaluate  [leaf AnchorTrusted]
Oct 26 18:00:38 iPhone profiled[412] <Notice>: (Note ) MC: Attempting to retrieve issued certificate...
Oct 26 18:00:39 iPhone securityd[83] <Error>:  SecDbRecordChange db <SecDbConnection rw open> changed outside txn
Oct 26 18:00:39 iPhone profiled[412] <Notice>: (Note ) MC: Issued certificate received.
Oct 26 18:00:39 iPhone Preferences[406] <Notice>: (Error) MC: Install profile data, interactive error. Error: NSError:
    Desc   : Couldn’t communicate with a helper application.
    Sugg   : Try your operation again. If that fails, quit and relaunch the application and try again.
    Domain : NSCocoaErrorDomain
    Code   : 4097
    Extra info:
    {
        NSDebugDescription = "connection to service named com.apple.managedconfiguration.profiled";
    }
Oct 26 18:00:39 iPhone com.apple.xpc.launchd[1] (com.apple.managedconfiguration.profiled[412]) <Notice>: Service exited due to signal: Trace/BPT trap: 5
Oct 26 18:00:40 iPhone ReportCrash[423] <Error>: assertion failed: 13A452: libsystem_trace.dylib + 15931 [45DE3123-E22D-320F-9F75-1CCD65A33451]: 0x0
Oct 26 18:00:40 iPhone Unknown[423] <Error>: 
Oct 26 18:00:40 iPhone ReportCrash[423] <Warning>: os_activity_diagnostic_for_pid() failed!
Oct 26 18:00:40 iPhone ReportCrash[423] <Notice>: Formulating report for corpse[412] profiled

Solution

  • Just answering my own question. In order to create the X509 certificate from the CSR, you need to create relative distinguished names (RDNs) and add them to the certificate. Once you get the X500Name from PKCS10CertificationRequest and set it on X509v3CertificateBuilder, it throws this error. Rather, you have to create separate X500Names and proceed with the certificate generation, which solved this issue.
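
One reading of the fix described in the answer above, as an added Bouncy Castle example that is not the poster's code: the issuing side rebuilds the subject attribute by attribute with X500NameBuilder instead of handing the CSR's X500Name straight to X509v3CertificateBuilder. The class name, the sample DNs, the one-year validity and the CSR signature check are assumptions of this example.

```java
import java.math.BigInteger;
import java.security.*;
import java.util.Date;
import org.bouncycastle.asn1.x500.*;
import org.bouncycastle.asn1.x500.style.*;
import org.bouncycastle.cert.*;
import org.bouncycastle.operator.jcajce.*;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;

public class RebuildSubjectExample { // hypothetical class name
    // Copy each attribute of the CSR subject into a freshly built X500Name.
    // Multi-valued RDNs are flattened into single-valued ones here.
    static X500Name rebuildSubject(X500Name csrSubject) {
        X500NameBuilder b = new X500NameBuilder(BCStyle.INSTANCE);
        for (RDN rdn : csrSubject.getRDNs()) {
            for (AttributeTypeAndValue atv : rdn.getTypesAndValues()) {
                b.addRDN(atv.getType(), IETFUtils.valueToString(atv.getValue()));
            }
        }
        return b.build();
    }
    static X509CertificateHolder issue(PKCS10CertificationRequest csr, X500Name issuer,
                                       PrivateKey caKey) throws Exception {
        // Proof of possession: refuse a CSR whose self-signature does not verify.
        if (!csr.isSignatureValid(new JcaContentVerifierProviderBuilder()
                .build(csr.getSubjectPublicKeyInfo()))) {
            throw new SecurityException("CSR signature invalid");
        }
        Date notBefore = new Date();
        Date notAfter = new Date(notBefore.getTime() + 365L * 24 * 60 * 60 * 1000);
        return new X509v3CertificateBuilder(
                issuer, new BigInteger(64, new SecureRandom()), notBefore, notAfter,
                rebuildSubject(csr.getSubject()), csr.getSubjectPublicKeyInfo())
                .build(new JcaContentSignerBuilder("SHA256withRSA").build(caKey));
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair ca = g.generateKeyPair(), dev = g.generateKeyPair();
        // Constructed sample CSR standing in for the one the device submits.
        PKCS10CertificationRequest csr = new JcaPKCS10CertificationRequestBuilder(
                new X500Name("CN=sample-device,O=Example"), dev.getPublic())
                .build(new JcaContentSignerBuilder("SHA256withRSA").build(dev.getPrivate()));
        X509CertificateHolder cert = issue(csr, new X500Name("CN=Example MDM CA"), ca.getPrivate());
        System.out.println(cert.getSubject());
    }
}
```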