Certificate validation is failing since 08/24/2021 - BlackListedLeaf certificate validation is failing

All customers that are using some versions of our product are complaining because they are not able to connect to the service. This happens because a certificate validation done in the code is failing. The certificate didn't expire, but looking into the console logs, this error is observed:

default 08:39:03.218259 -0300 trustd cert[1]: BlackListedLeaf =(leaf)[force]> 0
default 08:39:03.218790 -0300 trustd cert[1]: BlackListedLeaf =(leaf)[force]> 0
default 08:39:03.218897 -0300 trustd cert[2]: AnchorTrusted =(leaf)[force]> 0
default 08:39:03.219086 -0300 trustd cert[1]: BlackListedLeaf =(path)[force]> 0
default 08:39:03.221455 -0300 dsAccessService Trust evaluate failure: [ca1 BlackListedLeaf]
default 08:39:03.221929 -0300 NNNService SecStaticCode: verification failed (trust result 6, error -2147409652)
default 08:39:03.221964 -0300 NNNService MacOS error: -2147409652
default 08:39:03.226483 -0300 NNNService MacOS error: -2147409652
default 08:39:03.853294 -0300 trustd cert[1]: BlackListedLeaf =(leaf)[force]> 0
default 08:39:03.853663 -0300 trustd cert[1]: BlackListedLeaf =(leaf)[force]> 0
default 08:39:03.853791 -0300 trustd cert[2]: AnchorTrusted =(leaf)[force]> 0
default 08:39:03.854047 -0300 trustd cert[1]: BlackListedLeaf =(path)[force]> 0
default 08:39:03.855542 -0300 NNNService Trust evaluate failure: [ca1 BlackListedLeaf]
default 08:39:03.856172 -0300 NNNService SecStaticCode: verification failed (trust result 6, error -2147409652)

As you can see, this is the certificate validation that fails: Trust evaluate failure: [ca1 BlackListedLeaf]

We need to understand why the app certificate is blacklisted. Is there any new policy enforced by Apple to blacklist certificates?

  • Is it possible that the issue is related to an update for XProtect and MRT Configuration Data? https://eclecticlight.co/2021/08/23/apple-has-pushed-updates-to-xprotect-and-mrt-27/
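As an added example, not part of the original post: a small Python triage script that pulls the failing trust check and the SecStaticCode error code out of unified-log lines in the shape quoted above, so the "BlackListedLeaf" verdict can be spotted across many customer logs instead of read by eye. The sample lines are taken from the post; the hex rendering of the OSStatus is plain two's-complement arithmetic, and the per-certificate grouping only records what trustd printed, without assuming what each index or value means.

```python
import re
from collections import defaultdict

# Sample lines in the shape quoted in the post (process names as they appear there).
SAMPLE_LOG = """\
default 08:39:03.218259 -0300 trustd cert[1]: BlackListedLeaf =(leaf)[force]> 0
default 08:39:03.218897 -0300 trustd cert[2]: AnchorTrusted =(leaf)[force]> 0
default 08:39:03.219086 -0300 trustd cert[1]: BlackListedLeaf =(path)[force]> 0
default 08:39:03.221455 -0300 dsAccessService Trust evaluate failure: [ca1 BlackListedLeaf]
default 08:39:03.221929 -0300 NNNService SecStaticCode: verification failed (trust result 6, error -2147409652)
"""

# trustd prints "cert[N]: CheckName =(scope)[mode]> value" for a policy check on
# certificate N of the chain; we only collect which check names appear per index.
CHECK_RE = re.compile(r"trustd cert\[(\d+)\]: (\w+) =\((\w+)\)\[\w+\]> (\S+)$")
# Final verdict from the trust evaluation: "[<cert label> <check name>]".
FAILURE_RE = re.compile(r"Trust evaluate failure: \[(\w+) (\w+)\]")
# SecStaticCode result: trust result number plus the signed 32-bit OSStatus.
CODE_RE = re.compile(r"verification failed \(trust result (\d+), error (-?\d+)\)")

def osstatus_to_hex(code: int) -> str:
    """Render a signed 32-bit OSStatus as the unsigned hex form used in SDK headers."""
    return f"0x{code & 0xFFFFFFFF:08X}"

def triage(log_text: str) -> dict:
    """Summarise reported checks per cert index, trust failures and error codes."""
    reported = defaultdict(set)  # cert index -> set of check names trustd printed
    failures = []                # (cert label, check name) from "Trust evaluate failure"
    codes = []                   # (trust result, OSStatus, OSStatus as hex)
    for line in log_text.splitlines():
        if m := CHECK_RE.search(line):
            reported[int(m.group(1))].add(m.group(2))
        elif m := FAILURE_RE.search(line):
            failures.append((m.group(1), m.group(2)))
        elif m := CODE_RE.search(line):
            code = int(m.group(2))
            codes.append((int(m.group(1)), code, osstatus_to_hex(code)))
    return {"reported_checks": {k: sorted(v) for k, v in reported.items()},
            "failures": failures, "codes": codes}

def is_blacklist_failure(summary: dict) -> bool:
    """True when the evaluation failed on a blacklisted certificate, as in the post."""
    return any(check == "BlackListedLeaf" for _, check in summary["failures"])

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(result)
    print("blacklisted cert in chain:", is_blacklist_failure(result))
```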


Replies

I suspect that this is fallout from Information for website operators about distrusting Symantec certificate authorities. This is somewhat outside of DTS’s wheelhouse — the system-wide trust policy on our platforms is the purview of Apple Support — but here’s my understanding:

  • We missed the deadline described in that article (25 Feb 2020).

  • The change has now rolled out completely.

  • Folks are working to update the article to reflect the above.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"