CloudXR Runtime 6.0.5 problem starting in secure mode

I am working on a Unity plugin for the new architecture. It works in non-secure mode, but the runtime fails to load the certificates when I pass their paths. The logs show:

(E)\[2026-05-01 13:43:10,330\]=16:43:10=*00000*{224700}        Failed to start signaling server: 'I/O error: Failed to load certificate from stream'

Certs are generated using:

# Creates a self-signed X.509 certificate (cert.pem) and a new 4096-bit RSA key
# (key.pem), valid for 365 days, with CN and subjectAltName set to localhost /
# 127.0.0.1 and usage limited to TLS server authentication.
# -nodes writes key.pem without passphrase encryption, so the key is protected
# only by the file-system permissions of the directory it is stored in.
openssl req -x509 -newkey rsa:4096 -nodes \
  -keyout key.pem -out cert.pem -days 365 -sha256 \
  -subj "/CN=localhost" \
  -addext "basicConstraints=CA:FALSE" \
  -addext "keyUsage=digitalSignature,keyEncipherment" \
  -addext "extendedKeyUsage=serverAuth" \
  -addext "subjectAltName=DNS:localhost,IP:127.0.0.1"

I supply the paths as string parameters:

"D:\\certs\\cert.pem"
"D:\\certs\\key.pem";
// Hands the certificate and private-key values to the service as string
// properties, but only when both are non-empty. If either call fails, the
// service is destroyed, the runtime DLL is unloaded and false is returned.
// NOTE(review): the values passed below are file paths (see the log messages),
// while the runtime error reported is "Failed to load certificate from
// stream" - confirm in the runtime documentation what form these two
// properties expect.
if (!certPemPath.empty() && !keyPemPath.empty())
    {
        const char *kCertProp = "certificate-pem";
        // Length is measured with strlen, so it stops at the first NUL byte.
        auto certLen = (uint32_t)strlen(certPemPath.c_str());
        r = pfnSetString_(service_, kCertProp, strlen(kCertProp), certPemPath.c_str(), certLen);
        if (r != NV_CXR_SUCCESS)
        {
            LOG_ERROR("set certificate-pem failed: %d", r);
            // Tear down in reverse order of setup: service first, then the DLL,
            // and null both handles so they cannot be reused after release.
            pfnDestroy_(service_);
            service_ = nullptr;
            FreeLibrary(dllHandle_);
            dllHandle_ = nullptr;
            return false;
        }
        LOG_INFO("certificate-pem path set: %s", certPemPath.c_str());

        const char *kKeyProp = "key-pem";
        // Same length convention as for the certificate value above.
        auto keyLen = (uint32_t)strlen(keyPemPath.c_str());
        r = pfnSetString_(service_, kKeyProp, strlen(kKeyProp), keyPemPath.c_str(), keyLen);
        if (r != NV_CXR_SUCCESS)
        {
            LOG_ERROR("set key-pem failed: %d", r);
            // Identical teardown to the certificate failure path.
            pfnDestroy_(service_);
            service_ = nullptr;
            FreeLibrary(dllHandle_);
            dllHandle_ = nullptr;
            return false;
        }
        // NOTE(review): this writes the private key's location to the log;
        // confirm that is acceptable for everyone who can read these logs.
        LOG_INFO("key-pem path set: %s", keyPemPath.c_str());