Network Extension cannot access certificates stored in keychain by container app

Question

I have an iOS application that adds a keypair to the keychain, creates a CSR, receives a cert chain and inserts these certs into the keychain. I then make sure I can obtain