Home > Mac administration, Mac OS X > Apple installer package certificate expiration

Apple installer package certificate expiration

On Friday, March 23rd at 1:26 PM Eastern Daylight Time, the certificate that Apple embedded in various Apple software installers expired.

Screen Shot 2012-03-24 at 1.48.34 PM

If you’re using Installer.app in Mac OS X’s GUI, you’ll get a warning about the certificate being invalid and asked if you want to install it anyway.

Screen Shot 2012-03-24 at 1.48.30 PM

However, the command line installer tool does not have the option of “certificate invalid, install anyway.” Instead, installations run with the installer tool will fail. This affects any systems management tool that uses Apple’s installer tool via the command line to install packages.

At this time, the best recommendation I have is to download new copies of the various Apple-provided installers that you need for your workflow. The new installers should include a new certificate that’s good until 2019.

Screen Shot 2012-03-24 at 1.46.24 PM

One installer in particular that you may want to re-download is the 10.7.3 installer from the Mac App Store, as the installer has a RemoteDesktop.pkg installer included that may have an expired certificate. Re-downloading the 10.7.3 installer from the MAS after Friday, March 23rd will give you a 10.7.3 installer that works properly.

Update: Greg Neagle’s checkPackageSignatures and flatpkgfixer scripts are extremely helpful here. checkPackageSignatures will help you find expired certificates in your packages and disk images. flatpkgfixer will help you with any software you can’t re-download by removing package signing either from single flat packages or from disk images that contain packages.

  1. Sylvain
    April 9, 2012 at 10:40 am


    I found a workaround for this. Change your system’s date setting to an earlier date and rerun the package installer. Disable automatic date/time sync in the system prefs to make sure it does not resync with Apple nntp servers.
    It proved to work for a MacOS 10.6.8 combo update package installer on my side.
    Good luck,

    • January 1, 2013 at 10:12 am

      Thanks Sylvain for posting the suggestion. This worked perfectly for me.

  2. Mark-Leon Thorne
    May 12, 2013 at 6:09 am

    Thanks so much for this. It really helped me out of a very frustrating situation.

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: