I would like to use our company's iPhones in the office network. In order to reduce maintenance work, we use an internal PKI with a CA that issues long-lived certificates (10 years or so).
In order for the devices to trust those certificates, we install the CA's certificate on all our client devices.
This is working fine for Windows devices, for Linux devices and also for Android devices.
Unfortunately, this does not work for iPhones (iOS 18.2.1). Safari just refuses to navigate to the internal websites and the Chrome browser shows an error message that the certificate lifetime is too long.
I know there's a restriction on the certificate's validity times introduced by the CA/Browser Forum to ensure that information in certificates is not outdated, but that document clearly targets publicly trusted TLS certificates. All major browser manufacturers and OSes apply these restrictions only to certificates issued by CAs included on their stock trusted CA list. Manually added CAs are not affected by this limitation.
I think Apple (being a member of the CA/B Forum) also implemented certificate trust this way (though I'm not absolutely sure).
But for some reason, this no longer seems to be the case.
### Is this behavior intended?
If so:
- Why did Apple change this policy?
- Is there some statement from them?
- Is there an option to disable that behavior and switch back to the old rules?
### Or is this a bug in the current iOS version?
If so:
- Is there some update or fix that can be applied?
- Does anyone know if it will be fixed in the next release?
Asked by TomS
(121 rep)
Jan 18, 2025, 11:05 AM
Last activity: Jan 18, 2025, 11:39 AM
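An added example, not part of the original question or of any Apple documentation: a small shell script that audits the lifetime of certificates issued by an internal CA and flags any whose validity period exceeds a chosen ceiling, which is the check an administrator would run over an internal PKI before deciding whether to reissue with shorter lifetimes. It assumes OpenSSL and GNU `date` (for `date -d`) are available; the `MAX_DAYS` default of 825 is an assumed starting value, and the hostname and the self-signed 10-year certificate are constructed here purely as demo input.

```shell
#!/usr/bin/env sh
# Added example (not from the original question): report the validity period
# of PEM certificates and flag those longer than MAX_DAYS.
# Assumptions: openssl and GNU date (date -d) are installed; the MAX_DAYS
# default is an assumed example ceiling, not a value stated on the page.
set -e

# Lifetime ceiling in days. Override with MAX_DAYS=398 ./script.sh cert.pem
MAX_DAYS="${MAX_DAYS:-825}"

# Print the lifetime of a PEM certificate in whole days (notAfter - notBefore).
cert_validity_days() {
    cert="$1"
    nb=$(openssl x509 -noout -startdate -in "$cert" | sed 's/^notBefore=//')
    na=$(openssl x509 -noout -enddate -in "$cert" | sed 's/^notAfter=//')
    start=$(date -u -d "$nb" +%s)
    end=$(date -u -d "$na" +%s)
    echo $(( (end - start) / 86400 ))
}

# Succeed (exit 0) if the certificate's lifetime is within max_days, fail otherwise.
cert_within_limit() {
    cert="$1"
    max_days="$2"
    days=$(cert_validity_days "$cert")
    [ "$days" -le "$max_days" ]
}

# Constructed input: a self-signed 10-year certificate, like the ones the
# question's internal CA issues, written to a temporary directory.
DEMO_DIR=$(mktemp -d)
DEMO_CERT="$DEMO_DIR/intranet.pem"
openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
    -keyout "$DEMO_DIR/intranet.key" -out "$DEMO_CERT" -days 3650 \
    -subj "/CN=intranet.example.internal" >/dev/null 2>&1

# Audit every certificate given on the command line, or the demo cert if none.
if [ "$#" -eq 0 ]; then
    set -- "$DEMO_CERT"
fi
for cert in "$@"; do
    days=$(cert_validity_days "$cert")
    if cert_within_limit "$cert" "$MAX_DAYS"; then
        echo "OK       $cert  lifetime=${days}d (limit ${MAX_DAYS}d)"
    else
        echo "TOO LONG $cert  lifetime=${days}d exceeds ${MAX_DAYS}d; consider reissuing with a shorter validity"
    fi
done
```

Run it as `./audit-lifetime.sh /path/to/*.pem` to check real certificates; with no arguments it audits the constructed 10-year demo certificate, which is reported as too long against the 825-day default. Computing the lifetime from the certificate's own `notBefore`/`notAfter` fields rather than from "time until expiry" matters here, because the client-side rule the question describes is about the total validity period stamped in the certificate, not about how much of it remains.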