diff --git a/agent/checks/check_test.go b/agent/checks/check_test.go
index d95b87a924b1..495fc1472bbc 100644
--- a/agent/checks/check_test.go
+++ b/agent/checks/check_test.go
@@ -836,12 +836,22 @@ func TestCheckHTTP_TLS_BadVerify(t *testing.T) {
 		if got, want := notif.State(cid), api.HealthCritical; got != want {
 			r.Fatalf("got state %q want %q", got, want)
 		}
-		if !strings.Contains(notif.Output(cid), "certificate signed by unknown authority") {
+		if !isInvalidCertificateError(notif.Output(cid)) {
 			r.Fatalf("should fail with certificate error %v", notif.OutputMap())
 		}
 	})
 }
 
+// isInvalidCertificateError checks the error string for an untrusted certificate error.
+// The specific error message is different on Linux and macOS.
+//
+// TODO: Revisit this when https://github.com/golang/go/issues/52010 is resolved.
+// We may be able to simplify this to check only one error string.
+func isInvalidCertificateError(err string) bool {
+	return strings.Contains(err, "certificate signed by unknown authority") ||
+		strings.Contains(err, "certificate is not trusted")
+}
+
 func mockTCPServer(network string) net.Listener {
 	var (
 		addr string
@@ -1400,9 +1410,8 @@ func TestCheckH2PING_TLS_BadVerify(t *testing.T) {
 		if got, want := notif.State(cid), api.HealthCritical; got != want {
 			r.Fatalf("got state %q want %q", got, want)
 		}
-		expectedOutput := "certificate signed by unknown authority"
-		if !strings.Contains(notif.Output(cid), expectedOutput) {
-			r.Fatalf("should have included output %s: %v", expectedOutput, notif.OutputMap())
+		if !isInvalidCertificateError(notif.Output(cid)) {
+			r.Fatalf("should fail with certificate error %v", notif.OutputMap())
 		}
 	})
 }