[SERVER-56346] Update certificate definitions to match MacOS 10.15+ requirements Created: 26/Apr/21  Updated: 29/Oct/23  Resolved: 03/Feb/22

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 5.3.0

Type: Task Priority: Major - P3
Reporter: John Chen (Inactive) Assignee: Gabriel Marks
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: PNG File Screen Shot 2021-04-26 at 10.14.02 AM.png    
Issue Links:
Depends
Related
related to SERVER-56364 Disable ssl and sslSpecial suites on ... Closed
is related to SERVER-64838 Renew all test certs Closed
is related to SERVER-75246 Renew all test certs Closed
Backwards Compatibility: Fully Compatible
Sprint: Security 2022-02-07
Participants:
Linked BF Score: 140

 Description   

Apple released some new requirements for certificates on macOS 10.15 and newer, including M1 Macs: https://support.apple.com/en-us/HT210176
This issue seems to have presented on our new M1 Macs we received from MacStadium:
https://jira.mongodb.org/browse/BUILD-13029
One of our provisioning steps is to add trusted-ca-v1.pem (Trusted Kernel Test CA) to the user and system keychain; however, we receive a "This root certificate is not trusted" message from the Keychain Access app.

On our macos-1014 hosts, the certificates are automatically trusted when added.

Is the fact that the certificate expired past 825 days relevant to this issue?
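
Added example (not part of the ticket and not MongoDB's code): a Python check of `openssl x509 -noout -text` output against the requirements in the linked Apple article HT210176, namely RSA keys of at least 2048 bits, a SHA-2 signature hash, a DNS name in subjectAltName and, for TLS server certificates whose NotBefore is after July 1, 2019, a serverAuth EKU and a validity period of at most 825 days. The function names and the sample certificate text are constructed for illustration.

```python
import re
import subprocess
from datetime import datetime

# Constructed, abbreviated `openssl x509 -noout -text` output for a
# hypothetical server certificate (not one of the project's test certs).
SAMPLE_TEXT = """\
        Signature Algorithm: sha256WithRSAEncryption
            Not Before: Feb  3 00:00:00 2022 GMT
            Not After : Feb  3 00:00:00 2024 GMT
                Public Key Algorithm: rsaEncryption
                    Public-Key: (2048 bit)
            X509v3 Subject Alternative Name:
                DNS:localhost, IP Address:127.0.0.1
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
"""

def dump_certificate(pem_path):
    """Text form of a PEM certificate, via the openssl CLI."""
    cmd = ["openssl", "x509", "-in", pem_path, "-noout", "-text"]
    return subprocess.run(cmd, check=True, capture_output=True, text=True).stdout

def _date(label, text):
    raw = re.search(label + r"\s*:\s*(.+)", text).group(1)
    return datetime.strptime(raw.replace("GMT", "").strip(), "%b %d %H:%M:%S %Y")

def check_apple_tls_requirements(text):
    """Return the violated requirements; an empty list means none were found."""
    problems = []
    sig = re.search(r"Signature Algorithm:\s*(\S+)", text).group(1)
    if re.search(r"md[245]|sha1(?!\d)", sig, re.I):  # MD*/SHA-1 are not SHA-2
        problems.append(f"signature algorithm {sig} is not SHA-2")
    bits = re.search(r"Public-Key: \((\d+) bit\)", text)
    if "rsaEncryption" in text and bits and int(bits.group(1)) < 2048:
        problems.append(f"RSA key is {bits.group(1)} bits, below 2048")
    san = re.search(r"Subject Alternative Name:.*\n\s*(.+)", text)
    if not san or "DNS:" not in san.group(1):
        problems.append("no DNS name in subjectAltName")
    not_before, not_after = _date("Not Before", text), _date("Not After", text)
    if not_before >= datetime(2019, 7, 1):  # rules keyed on the NotBefore date
        if "TLS Web Server Authentication" not in text:
            problems.append("extendedKeyUsage lacks serverAuth")
        if (not_after - not_before).days > 825:
            problems.append("validity period exceeds 825 days")
    return problems

if __name__ == "__main__":
    print(check_apple_tls_requirements(SAMPLE_TEXT) or "no violations found")
```

To check a real file, pass `dump_certificate("path/to/cert.pem")` to `check_apple_tls_requirements`; this requires the `openssl` binary on the PATH.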



 Comments   
Comment by Githook User [ 26/Apr/22 ]

Author: Zakhar Kleyman <zakhar.kleyman@mongodb.com> (zakhark)

Message: BUILD-14627 install new certs for SERVER-56346
Branch: BUILD-14930
https://github.com/10gen/buildhost-configuration/commit/ad41b8b3e50f7ee10b39baab1661b4aa285195c8

Comment by Githook User [ 30/Mar/22 ]

Author: Zakhar Kleyman <zakhar.kleyman@mongodb.com> (zakhark)

Message: BUILD-14627 install new certs for SERVER-56346
Branch: master
https://github.com/10gen/buildhost-configuration/commit/ad41b8b3e50f7ee10b39baab1661b4aa285195c8

Comment by Githook User [ 30/Mar/22 ]

Author: Zakhar Kleyman <zakhar.kleyman@mongodb.com> (zakhark)

Message: BUILD-14627 install new certs for SERVER-56346
Branch: BUILD-14627
https://github.com/10gen/buildhost-configuration/commit/b8f11c0662eddaf64f68986c0137986d1868f418

Comment by Githook User [ 03/Feb/22 ]

Author: Gabriel Marks <gabriel.marks@mongodb.com> (marksg07)

Message: SERVER-56346 Change certificate definitions to match OSX requirements
Branch: master
https://github.com/mongodb/mongo/commit/58a819a56aadb91e7cd62b8c2e2e493ce85fc0e1

Comment by Githook User [ 03/Feb/22 ]

Author: Gabriel Marks <gabriel.marks@mongodb.com> (marksg07)

Message: SERVER-56346 Change certificate definitions to match OSX requirements
Branch: master
https://github.com/10gen/mongo-enterprise-modules/commit/7fa28b575185d50dc6b2b403c54a0b8dbb23b875
