[Bug] Intermediate certificates sample does not work on MacOS #98

Closed
bergundy opened this issue May 18, 2021 · 2 comments
Labels
bug (Something isn't working), good first issue (Good for newcomers)

Comments

@bergundy
Member

Describe the bug
When trying to connect the Worker to a server using the tls-full sample, connection fails with [TransportError: transport error: error trying to connect: invalid certificate: UnknownIssuer]

To Reproduce
Steps to reproduce the behavior:

  1. Follow the mTLS tutorial but use tls-full instead of simple
  2. Run the Worker

     TEMPORAL_ADDRESS=localhost \
     TEMPORAL_NAMESPACE=accounting \
     TEMPORAL_CLIENT_CERT_PATH=certs/client/accounting/client-accounting-namespace-chain.pem \
     TEMPORAL_CLIENT_KEY_PATH=certs/client/accounting/client-accounting-namespace.key \
     TEMPORAL_SERVER_NAME_OVERRIDE=accounting.cluster-x.contoso.com \
     TEMPORAL_SERVER_ROOT_CA_CERT_PATH=certs/cluster/ca/server-intermediate-ca.pem \
     npm start

Expected behavior
Worker should connect to server

Versions (please complete the following information where relevant):

  • OS: Mac
  • Temporal Version: temporalio/auto-setup@sha256:004f4440664f13c3b049eaad5c019c9f780082d8752655d01ef91e322b482097

Additional context
Tried using different certificates without success. Seems like this is a MacOS issue; @Sushisource got it working on Linux.

bergundy added the bug and good first issue labels on May 18, 2021

liammurray commented Dec 19, 2021

I believe I am running into this, although I only see "[TransportError: transport error]". I can connect with tctl but not from my TypeScript SDK worker using the same certificates and client key. I also get the same error when I run the worker in a Docker container (local and on a Linux node).


liammurray commented Dec 20, 2021

I got it to work with just a root CA (no intermediate) by adding -sha256 to the openssl commands generating the certs (it was defaulting to sha1, possibly due to something else I had going on). Once that was fixed I switched back to an end entity cert signed with an intermediate CA and I started getting "Failed to connect before the deadline" (due to "unable to get issuer certificate" as observed in grpc-js logs). I believe that is this issue: grpc/grpc-node#1784.

bergundy closed this as not planned (won't fix, can't repro, duplicate, stale) on Jan 10, 2023
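
Added diagnostic example (not from the thread or the samples repository): it builds a constructed root, intermediate and end-entity chain with explicit `-sha256`, then runs OpenSSL's own verifier against different trust files, which is where the "unable to get issuer certificate" text quoted above comes from. It assumes OpenSSL 1.1.1 or later; every file and subject name is made up, and other TLS stacks may treat a non-root trust anchor differently.

```shell
#!/bin/sh
# Constructed root -> intermediate -> leaf chain; all names are illustrative.
set -eu

make_chain() {  # $1 = empty working directory
  d=$1
  printf '%s\n' '[req]' 'distinguished_name = dn' 'prompt = no' \
    '[dn]' 'CN = unused' '[v3_ca]' 'basicConstraints = critical,CA:TRUE' \
    > "$d/ca.cnf"
  # Self-signed root. -sha256 is explicit so no SHA-1 default can sneak in.
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 2 \
    -config "$d/ca.cnf" -extensions v3_ca -subj "/CN=Constructed Root CA" \
    -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
  # Intermediate CA, signed by the root and marked CA:TRUE.
  openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
    -subj "/CN=Constructed Intermediate CA" \
    -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null
  openssl x509 -req -sha256 -days 2 -in "$d/int.csr" -CA "$d/root.pem" \
    -CAkey "$d/root.key" -CAcreateserial -extfile "$d/ca.cnf" \
    -extensions v3_ca -out "$d/int.pem" 2>/dev/null
  # End-entity certificate, signed by the intermediate.
  openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
    -subj "/CN=leaf.example.test" \
    -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
  openssl x509 -req -sha256 -days 2 -in "$d/leaf.csr" -CA "$d/int.pem" \
    -CAkey "$d/int.key" -CAcreateserial -out "$d/leaf.pem" 2>/dev/null
}

sig_alg() {  # print the signature algorithm of certificate $1
  openssl x509 -in "$1" -noout -text |
    sed -n 's/^ *Signature Algorithm: //p' | head -n 1
}

verify_with() {  # args: `openssl verify` options, then the leaf path
  if out=$(openssl verify "$@" 2>&1); then echo ok
  else printf '%s\n' "$out" | sed -n '/^error [0-9]/{p;q;}'; fi
}

work=$(mktemp -d)
make_chain "$work"
echo "leaf signature:        $(sig_alg "$work/leaf.pem")"
# Root is the trust anchor; the intermediate is supplied as an untrusted chain cert.
echo "root trusted + chain:  $(verify_with -CAfile "$work/root.pem" -untrusted "$work/int.pem" "$work/leaf.pem")"
# Only the intermediate is in the trust file: the path cannot reach a self-signed root.
echo "intermediate only:     $(verify_with -CAfile "$work/int.pem" "$work/leaf.pem")"
# Same trust file, but the verifier is told a non-root anchor is acceptable.
echo "intermediate, partial: $(verify_with -partial_chain -CAfile "$work/int.pem" "$work/leaf.pem")"
```

Running `sig_alg` on existing certificates is a quick way to spot a SHA-1 signature before looking at chain building.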