diff --git a/jstests/ssl_linear/ssl_modes_not_disabled_ingress.js b/jstests/ssl_linear/ssl_modes_not_disabled_ingress.js
index 67e0e19a068..690a1827738 100644
--- a/jstests/ssl_linear/ssl_modes_not_disabled_ingress.js
+++ b/jstests/ssl_linear/ssl_modes_not_disabled_ingress.js
@@ -2,18 +2,29 @@
 // ingress connections accepted by both TCP/IP and Unix Domain sockets.
 import {ShardingTest} from "jstests/libs/shardingtest.js";
-import {
- runTLSModeTest,
- TRUSTED_CA_CERT,
- TRUSTED_CLIENT_CERT,
- TRUSTED_CLUSTER_CERT,
- TRUSTED_SERVER_CERT,
-} from "jstests/ssl/libs/ssl_helpers.js";
+import {runTLSModeTest} from "jstests/ssl/libs/ssl_helpers.js";
 if (_isWindows()) {
 quit();
 }
+const HOST_TYPE = getBuildInfo().buildEnvironment.target_os;
+jsTest.log.info("HOST_TYPE = " + HOST_TYPE);
+
+let trustedCA = getX509Path("trusted-ca.pem");
+let trustedServer = getX509Path("trusted-server.pem");
+let trustedClient = getX509Path("trusted-client.pem");
+
+if (HOST_TYPE == "macOS") {
+ trustedCA = "/opt/x509/macos-trusted-ca.pem";
+ trustedServer = "/opt/x509/macos-trusted-server.pem";
+ trustedClient = "/opt/x509/macos-trusted-client.pem";
+ // Ensure trustedCA is properly installed on MacOS hosts.
+ // (MacOS is the only OS where it is installed outside of this test)
+ let exitCode = runProgram("security", "verify-cert", "-c", trustedClient);
+ assert.eq(0, exitCode, "Check for proper installation of Trusted CA on MacOS host");
+}
+
 // jstests/sslSpecial/ssl_modes_disabled_ingress.js covers 'disabled'. We can't
 // include all of them in one file because ssl_special doesn't support requireTLS while
 // ssl_linear doesn't support disabled.
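Review bot: The macOS precheck inside `if (HOST_TYPE == "macOS")` runs `security verify-cert` only on `trustedClient`, so a missing or untrusted `/opt/x509/macos-trusted-server.pem` is not caught here and would presumably show up later as a much less obvious TLS handshake failure; the assertion message also does not name the file that was checked. I would verify the server certificate the same way and put the path in the message, e.g. `assert.eq(0, exitCode, "security verify-cert failed for " + trustedClient + "; is the macOS trusted CA installed on this host?");`. These files are test key material provisioned outside the repository, so the comment should also say who installs them and where the CA is trusted (presumably the system keychain), since that is what a person reproducing a failure needs to know. Minor: `exitCode` can be `const` and the comparison can use `===`.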
@@ -22,7 +33,7 @@ mkdir(socketPrefix);
 function runTestWithMode(tlsMode) {
 const mongod = MongoRunner.runMongod(tlsMode);
- runTLSModeTest(mongod, tlsMode.tlsMode, TRUSTED_CLIENT_CERT, TRUSTED_CA_CERT, socketPrefix);
+ runTLSModeTest(mongod, tlsMode.tlsMode, trustedClient, trustedCA, socketPrefix);
 MongoRunner.stopMongod(mongod);
 const st = new ShardingTest({
@@ -36,31 +47,31 @@ function runTestWithMode(tlsMode) {
 useHostname: false,
 },
 });
- runTLSModeTest(st.s0, tlsMode.tlsMode, TRUSTED_CLIENT_CERT, TRUSTED_CA_CERT, socketPrefix);
+ runTLSModeTest(st.s0, tlsMode.tlsMode, trustedClient, trustedCA, socketPrefix);
 st.stop();
 }
 const requireTLSMode = {
 tlsMode: "requireTLS",
- tlsCertificateKeyFile: TRUSTED_SERVER_CERT,
- tlsCAFile: TRUSTED_CA_CERT,
- tlsClusterFile: TRUSTED_CLUSTER_CERT,
+ tlsCertificateKeyFile: trustedServer,
+ tlsCAFile: trustedCA,
+ tlsClusterFile: trustedClient,
 unixSocketPrefix: socketPrefix,
 };
 const allowTLSMode = {
 tlsMode: "allowTLS",
- tlsCertificateKeyFile: TRUSTED_SERVER_CERT,
- tlsCAFile: TRUSTED_CA_CERT,
- tlsClusterFile: TRUSTED_CLUSTER_CERT,
+ tlsCertificateKeyFile: trustedServer,
+ tlsCAFile: trustedCA,
+ tlsClusterFile: trustedClient,
 unixSocketPrefix: socketPrefix,
 };
 const preferTLSMode = {
 tlsMode: "preferTLS",
- tlsCertificateKeyFile: TRUSTED_SERVER_CERT,
- tlsCAFile: TRUSTED_CA_CERT,
- tlsClusterFile: TRUSTED_CLUSTER_CERT,
+ tlsCertificateKeyFile: trustedServer,
+ tlsCAFile: trustedCA,
+ tlsClusterFile: trustedClient,
 unixSocketPrefix: socketPrefix,
 };
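Review bot: `tlsClusterFile` changes from `TRUSTED_CLUSTER_CERT` to `trustedClient` in all three mode objects (`requireTLSMode`, `allowTLSMode`, `preferTLSMode`), and it does so on every platform, not only macOS, so the test no longer runs with a dedicated cluster certificate. If that is deliberate because no trusted cluster certificate is provisioned on macOS hosts, say so in a comment such as `// No trusted cluster cert is provisioned on macOS; reuse the client cert as the cluster identity.`; otherwise keep importing `TRUSTED_CLUSTER_CERT` and substitute the client certificate only in the macOS branch. The difference matters for what the ShardingTest covers, because intra-cluster connections would presumably now authenticate with the same certificate an external client presents. The matching substitutions at the two `runTLSModeTest` calls (the `-22,7` hunk and the start of this one) are a straight rename and look fine.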