Home > Mac administration, Mac OS X > Apple Software Update service errors due to expired SSL certificate

Apple Software Update service errors due to expired SSL certificate

When checking for Apple software updates today, my colleague Tim Sutton noticed that there was a problem with checking updates. When I checked for updates on my 10.8.x and 10.9.x Macs using the App Store and the command-line softwareupdate tool, I received the same error from both:

The operation couldn’t be completed. (NSURLErrorDomain error -1012.)

Screen Shot 2014-05-25 at 1.35.57 PM


Screen Shot 2014-05-25 at 1.37.28 PM


The reason for the error has its root in a change which Apple introduced with OS X 10.8.x, where Macs running 10.8.x and 10.9.x use an HTTPS URL to check for updates on Apple’s Software Update servers. It appears that the SSL certificate used to validate Apple’s Software Update service has expired as of Saturday, May 24th at 7:59:59 PM Eastern Daylight Time.

Screen Shot 2014-05-25 at 1.34.50 PM

Since the certificate needs to be valid in order for connections to Apple’s Software Update servers to work properly, the certificate expiration is preventing the Software Update service from connecting.

When I checked for software updates on Macs running 10.7.5 and 10.6.8, they were unaffected by this issue. Macs running 10.7.x and older use an HTTP URL to connect to Apple’s Software Update servers, which means they do not use an SSL certificate to validate the connection.

Screen Shot 2014-05-25 at 2.02.12 PM

Screen Shot 2014-05-25 at 2.05.16 PM

Hopefully, Apple is able to get a new certificate in place soon. Once a valid certificate is in place, Apple’s Software Update service should begin working again for Macs running 10.8.x and higher.

Update: May 25th, 2014 – It appears that Apple has acted with dispatch to fix this issue. A new SSL certificate is now in place, with an expiration date of Tuesday, May 24, 2016 at 7:59:59 PM Eastern Daylight Time.

Screen Shot 2014-05-25 at 2.36.11 PM

  1. May 25, 2014 at 6:31 pm

    Looks like it’s been fixed, and a new certificate is installed, expiring in two years.

  2. May 25, 2014 at 7:25 pm

    That reeks of incompetence, though, allowing that cert to expire before replacing it. I expect better from Apple.

    • May 26, 2014 at 8:06 am

      Agreed, but in some ways reduces my inner sysadmin anxiety to see the big guys screw up.

  3. Manny
    May 30, 2014 at 2:20 pm

    “It appears that Apple has acted with dispatch to fix this issue.”
    If there were a “Like” button, I’d like this comment just for using the word “dispatch” correctly! 🙂

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: