Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-56346

Investigate new certificate requirements on MacOS 10.15 and newer

    XMLWordPrintable

    Details

    • Type: Task
    • Status: Open
    • Priority: Major - P3
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: 6.0 Required
    • Component/s: None
    • Labels:
      None

      Description

      Apple released some new requirements for certificates on MacOS 10.15 and newer, including M1 Macs. https://support.apple.com/en-us/HT210176
      This issue seems to have presented on our new M1 Macs we received from MacStadium:
      https://jira.mongodb.org/browse/BUILD-13029
      One of our provisioning steps is to add trusted-ca-v1.pem (Trusted Kernel Test CA) to the user and system keychain, however, we receive a "This root certificate is not trusted" message from the Keychain Access app.

      On our macos-1014 hosts, the certificates are automatically trusted when added.

      Is the fact that the certificate expired past 825 days relevant to this issue?

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              backlog-server-security Backlog - Security Team
              Reporter:
              john.chen John Chen (Inactive)
              Participants:
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Dates

                Created:
                Updated: