diff --git a/src/libraries/System.Security.Cryptography.X509Certificates/src/Internal/Cryptography/Pal.iOS/AppleCertificatePal.ImportExport.cs b/src/libraries/System.Security.Cryptography.X509Certificates/src/Internal/Cryptography/Pal.iOS/AppleCertificatePal.ImportExport.cs
index ad4baa38cc3f71..dd8fb2ac2ddafd 100644
--- a/src/libraries/System.Security.Cryptography.X509Certificates/src/Internal/Cryptography/Pal.iOS/AppleCertificatePal.ImportExport.cs
+++ b/src/libraries/System.Security.Cryptography.X509Certificates/src/Internal/Cryptography/Pal.iOS/AppleCertificatePal.ImportExport.cs
@@ -114,10 +114,16 @@ internal static ICertificatePal FromDerBlob(
 if (contentType == X509ContentType.Pkcs12)
 {
- // TODO:
- // We ignore keyStorageFlags which is tracked in https://github.com/dotnet/runtime/issues/52434.
- // The keys are always imported as ephemeral and never persisted. Exportability is ignored for
- // the moment and it needs to be investigated how to map it to iOS keychain primitives.
+ if ((keyStorageFlags & X509KeyStorageFlags.Exportable) == X509KeyStorageFlags.Exportable)
+ {
+ throw new PlatformNotSupportedException(SR.Cryptography_X509_PKCS12_ExportableNotSupported);
+ }
+
+ if ((keyStorageFlags & X509KeyStorageFlags.PersistKeySet) == X509KeyStorageFlags.PersistKeySet)
+ {
+ throw new PlatformNotSupportedException(SR.Cryptography_X509_PKCS12_PersistKeySetNotSupported);
+ }
+
 return ImportPkcs12(rawData, password, ephemeralSpecified);
 }
diff --git a/src/libraries/System.Security.Cryptography.X509Certificates/src/Resources/Strings.resx b/src/libraries/System.Security.Cryptography.X509Certificates/src/Resources/Strings.resx
index 322e2bab91d0c4..eab4b5a5ba1fa5 100644
--- a/src/libraries/System.Security.Cryptography.X509Certificates/src/Resources/Strings.resx
+++ b/src/libraries/System.Security.Cryptography.X509Certificates/src/Resources/Strings.resx
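Review bot: The two new guards in the Pkcs12 branch of FromDerBlob (AppleCertificatePal.ImportExport.cs) reject only `Exportable` and `PersistKeySet`, while the removed TODO said keyStorageFlags as a whole was ignored, so other values such as `X509KeyStorageFlags.UserProtected` or `MachineKeySet` may still be accepted and silently dropped here unless they are validated outside this hunk. A caller that requests `UserProtected` and gets no error would reasonably assume the key is protected, so I would either reject it the same way or say in a comment that it is deliberately ignored. The commit also deletes the only explanation of the platform behaviour; a short replacement above the first check, such as `// Keys are always imported as ephemeral on this platform; reject flags that cannot be honored instead of ignoring them.`, would keep that context. FromDerBlob begins and ends outside the hunk.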
@@ -295,6 +295,12 @@ PKCS#7 certificate format is not supported on this platform. + + The PKCS#12 PersistKeySet flag is not supported on this platform. + + + The PKCS#12 Exportable flag is not supported on this platform. + The X509 certificate could not be added to the store.