Apple installer package certificate expiration
On Friday, March 23rd at 1:26 PM Eastern Daylight Time, the certificate that Apple embedded in various Apple software installers expired.
If you’re using Installer.app in Mac OS X’s GUI, you’ll get a warning that the certificate is invalid and be asked whether you want to install anyway.
However, the command line installer tool does not have the option of “certificate invalid, install anyway.” Instead, installations run with the installer tool will fail. This affects any systems management tool that uses Apple’s installer tool via the command line to install packages.
At this time, the best recommendation I have is to download new copies of the various Apple-provided installers that you need for your workflow. The new installers should include a new certificate that’s good until 2019.
One installer in particular that you may want to re-download is the 10.7.3 installer from the Mac App Store, as it includes a RemoteDesktop.pkg installer that may have an expired certificate. Re-downloading the 10.7.3 installer from the Mac App Store after Friday, March 23rd will give you a 10.7.3 installer that works properly.
Update: Greg Neagle’s checkPackageSignatures and flatpkgfixer scripts are extremely helpful here. checkPackageSignatures will help you find expired certificates in your packages and disk images. flatpkgfixer will help you with any software you can’t re-download by removing package signing either from single flat packages or from disk images that contain packages.
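To triage a package repository before the command-line installer trips over it, here is a small added example (not part of the original post, and not Greg Neagle's scripts). It wraps `pkgutil --check-signature` and assumes the verdict appears on a line starting with `Status:`, containing "expired" or "no signature" in the cases of interest; the function names are hypothetical.

```shell
#!/bin/sh
# Classify `pkgutil --check-signature` output read from stdin.
# Assumption: the verdict is on the first line that begins with "Status:".
classify_status() {
    status=$(sed -n 's/^[[:space:]]*Status:[[:space:]]*//p' | head -n 1)
    case "$status" in
        *expired*)       echo "EXPIRED" ;;   # command-line install would fail
        "no signature"*) echo "UNSIGNED" ;;  # nothing to expire
        signed*)         echo "OK" ;;
        *)               echo "UNKNOWN" ;;   # unreadable or unexpected output
    esac
}

# Walk a directory tree and list every flat package (.pkg file) signed with
# an expired certificate. Returns 0 if none, 1 if any, 2 if pkgutil is missing.
scan_packages() {
    if ! command -v pkgutil >/dev/null 2>&1; then
        echo "pkgutil not found; run this on a Mac" >&2
        return 2
    fi
    report=$(find "$1" -type f -name '*.pkg' -print | while IFS= read -r pkg; do
        verdict=$(pkgutil --check-signature "$pkg" 2>/dev/null | classify_status)
        if [ "$verdict" = "EXPIRED" ]; then
            printf '%s\t%s\n' "$verdict" "$pkg"
        fi
    done)
    if [ -n "$report" ]; then
        printf '%s\n' "$report"
        return 1
    fi
    return 0
}

# Usage: sh check_pkgs.sh /path/to/package/repo
if [ "$#" -gt 0 ]; then
    scan_packages "$1"
fi
```

Packages inside disk images are only seen once the image is mounted and its mount point is passed as the directory.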