From d8d564f29b578692a348dfd32b6865a5daf50144 Mon Sep 17 00:00:00 2001
From: kyouheicf <85217388+kyouheicf@users.noreply.github.com>
Date: Wed, 25 Dec 2024 20:53:58 +0900
Subject: [PATCH] [ZT] macOS Big Sur or newer need to manually trust
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

It needs to be fixed from Ventura to Big Sur because of this release.
https://developer.apple.com/documentation/macos-release-notes/macos-big-sur-11_0_1-release-notes#Security

>**Security**
>**New Features**
>- macOS Big Sur 11 beta improves system security by requiring an administrator password when a certificate trust settings change is made in the admin trust domain. Running as the root user alone is no longer sufficient to modify certificate trust. User trust domain settings continue to require confirmation by entering the password for the user’s account. This change may affect you if one of the following is true:
> - You have written scripts which call /usr/bin/security add-trusted-cert -d ... as root.
> - Your process runs as root and calls the SecTrustSettingsSetTrustSettings function to trust a certificate.

Ref. [security add-trusted-cert asks pas… | Apple Developer Forums](https://forums.developer.apple.com/forums/thread/671582)
---
 .../user-side-certificates/automated-deployment.mdx | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/user-side-certificates/automated-deployment.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/user-side-certificates/automated-deployment.mdx
index d53d6848c1116a..c85720e45a536e 100644
--- a/src/content/docs/cloudflare-one/connections/connect-devices/user-side-certificates/automated-deployment.mdx
+++ b/src/content/docs/cloudflare-one/connections/connect-devices/user-side-certificates/automated-deployment.mdx
@@ -40,7 +40,7 @@ The certificate is required if you want to [apply HTTP policies to encrypted web 3. Turn on [**Install CA to system certificate store**](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#install-ca-to-system-certificate-store). 4. [Install](/cloudflare-one/connections/connect-devices/warp/download-warp/) the WARP client on the device. 5. [Enroll the device](/cloudflare-one/connections/connect-devices/warp/deployment/manual-deployment/) in your Zero Trust organization. -6. (Optional) If the device is running macOS Ventura or newer, [manually trust the certificate](#manually-trust-the-certificate). +6. (Optional) If the device is running macOS Big Sur or newer, [manually trust the certificate](#manually-trust-the-certificate). WARP will install the [certificate set to **In-Use**](/cloudflare-one/connections/connect-devices/user-side-certificates/#certificate-status). This certificate can be either a [Cloudflare-generated certificate](/cloudflare-one/connections/connect-devices/user-side-certificates/#generate-a-cloudflare-root-certificate) or a [custom certificate](/cloudflare-one/connections/connect-devices/user-side-certificates/custom-certificate/). If you turn on a new certificate for inspection, WARP will automatically install the new certificate and remove the old certificate from your users' devices. @@ -65,7 +65,7 @@ The WARP client will also place the certificate in `/Library/Application Support #### Manually trust the certificate -macOS Ventura and newer do not allow WARP to automatically trust the certificate. To manually trust the certificate: +macOS Big Sur and newer do not allow WARP to automatically trust the certificate. To manually trust the certificate: 1. In Keychain Access, [find and open the certificate](#macos). 2. Open **Trust**.
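
Review bot: in the first hunk (`@@ -40,7 +40,7 @@`), step 6 identifies the release only by its marketing name, "macOS Big Sur", with no version number. The commit message refers to "macOS Big Sur 11", so consider writing "macOS Big Sur (version 11) or newer" so that administrators can match the step against the OS version their tooling reports. The step is also still labelled "(Optional)", while the second hunk says these releases do not allow WARP to trust the certificate automatically; phrasing the label as a condition ("On macOS Big Sur or newer, ...") would avoid suggesting the step can be skipped on those devices.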
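
Review bot: in the second hunk (`@@ -65,7 +65,7 @@`), the sentence "macOS Big Sur and newer do not allow WARP to automatically trust the certificate" states the restriction without a reason or a source. The commit message cites the macOS Big Sur 11.0.1 release notes, which say that a certificate trust settings change in the admin trust domain requires an administrator password and that running as root alone is no longer sufficient. Adding a one-sentence summary of that behaviour, with the release-notes link, would let readers verify the version boundary and understand why a process running as root cannot complete this step on its own.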