OS X Installers Downloaded Prior to February 14 No Longer Work After Certificate Update

Discussion in 'Mac Blog Discussion' started by MacRumors, Mar 3, 2016.

  1. MacRumors macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1
    [​IMG]


    Back in February, Apple's Worldwide Developer Certificate, designed to verify third-party apps and services, expired, requiring Apple to issue a new certificate for developers to use.

    As pointed out by TidBITS (via Ars Technica) a side effect of the replacement of the certificate causes older OS X installers to fail to launch. OS X installation files downloaded from the Mac App Store before February 14, 2016 and stored on a computer or USB drive are no longer functional. This includes installation files for OS X El Capitan and older versions of OS X like Mavericks and Mountain Lion.

    [​IMG]
    Image via TidBITS

    Users who keep OS X installers on hand or have created USB install disks in case of emergencies should replace their files with new versions by re-downloading them through the Mac App Store using purchased history. TidBITS points out that some older versions of OS X, like Lion, will not be downloadable on newer machines. Users who can't replace an expired certificate can still use older installers by changing the dates on their machines.
    Apple's certificate renewal process resulted in some problems for developers and Mac users back in November, as it caused multiple Mac App Store apps to display a "damaged" error and fail to open. Apple quickly addressed the issue and has helped developers transition to the new certificate.

    Article Link: OS X Installers Downloaded Prior to February 14 No Longer Work After Certificate Update
     
  2. garirry macrumors 65816

    garirry

    Joined:
    Apr 27, 2013
    Location:
    Poutine Queen Land
    #2
    Apple needs to make it so that anyone can download any version of OS X at any time, even if it's not compatible with their system. It's annoying how I can't download any version of OS X on my MacBook because it isn't compatible, so I have to go search for another Mac and download from there.
     
  3. 0815 macrumors 68000

    0815

    Joined:
    Jul 9, 2010
    Location:
    here and there but not over there
    #3
    But be careful not to set the date to January 1st, 1970 ... you don't want to brick your mac ;)
     
  4. pat500000 macrumors 601

    pat500000

    Joined:
    Jun 3, 2015
    #4
    This is stupid. I don't believe people as the consumers need to deal with this issue. This should have been resolved long time ago.
     
  5. anzio macrumors 6502

    Joined:
    Dec 5, 2010
    Location:
    Barrie, ON
    #5
    It's an expired certificate? It's not really an issue. You need to grab a new copy that's signed with the new certificate.
     
  6. jonnysods macrumors 601

    jonnysods

    Joined:
    Sep 20, 2006
    Location:
    There & Back Again
    #6
    Man why would they do that? My friend has an older machine and I wouldn't recommend it goes past mountain lion, but a fresh install will be a big hassle to them because they don't know Terminal commands! (they don't even know what Terminal is)
     
  7. emm386 macrumors regular

    emm386

    Joined:
    Feb 5, 2016
    #7
    Apple screwed up big time here, I'm sure we all remember. Essentially though, the certification system is what's broken here.
    really annoying though I find is, that the plain simple user is no more the authority over his own system.

    A user should always be able to override what a system thinks is its best intent. Even if it's the wrong decision, even if I have to deal with catastrophic consequences: I (and no one else) should be able to decide, what's happening on my system. I can live with my computer misbehaving and me having to carry the consequences. but I can not live with the fact, that I no longer am in control. Admittedly, not even Microsoft gets this nowadays. at least not to the level I used to.
     
  8. elchuz macrumors newbie

    Joined:
    Mar 3, 2016
  9. Luke MacWalker macrumors newbie

    Joined:
    Jun 10, 2014
    #9
    Well said!
     
  10. macsba macrumors regular

    Joined:
    Jan 5, 2015
    Location:
    Next to my Mac.
    #10
    I haven't tried it but after right-clicking on the installer to show package contents and drilling down to the ESD file. Would the ESD file installer bypass the certificate? Just wondering.
     
  11. Stridder44 macrumors 68040

    Stridder44

    Joined:
    Mar 24, 2003
    Location:
    California
    #11
    You simply re-download a new copy? Sounds like a non-issue. But of course people will bitch about anything.
     
  12. firewood macrumors 604

    Joined:
    Jul 29, 2003
    Location:
    Silicon Valley
    #12
    Unless you are located somewhere remote with no broadband or even any reliable internet.
     
  13. jonblatho macrumors 6502

    jonblatho

    Joined:
    Jan 20, 2014
    Location:
    Oklahoma/Missouri
    #13
    You do realize the implications of a user being too lazy to download a new copy of OS X and instead jumping through whatever hoops necessary to install a copy of OS X that may have been maliciously modified, right?
     
  14. drumcat macrumors 6502

    drumcat

    Joined:
    Feb 28, 2008
    Location:
    Otautahi, Aotearoa
    #14
    Or you have monthly data limits for your broadband.
     
  15. emm386, Mar 3, 2016
    Last edited: Mar 3, 2016

    emm386 macrumors regular

    emm386

    Joined:
    Feb 5, 2016
    #15
    Yes, I do. I can do hash checks myself. And a good setup routine could even do that for me.

    But that wasn't my point.
     
  16. Gasu E. macrumors 68040

    Gasu E.

    Joined:
    Mar 20, 2004
    Location:
    Not far from Boston, MA.
  17. macs4nw macrumors 68040

    macs4nw

    #17
    I share your frustration :(:mad::(, believe me, but I can also appreciate where Apple is coming from.

    It's probably a carefully calculated decision on their part that there's massively more potential PR harm from untold compatibility conflicts in the Mac user community, than from a small but vocal group of users who want to chart their own software usage future.
     
  18. Brian33 macrumors 6502a

    Joined:
    Apr 30, 2008
    Location:
    USA (Virginia)
    #18
    Can anyone tell me how I can verify that my saved installers have this problem, as I can't seem to reproduce the error message!

    I created a flash USB installer stick for Mountain Lion long ago, and I can still boot (an appropriate machine) with it. In the "OS X Utilities" window I select "Reininstall OS X" and click Continue, which brings me to "Install OS X Mountain Lion" window. From there I can click Continue --> Agree--> and select a disk, and never see an error message (but I stopped short of clicking on the apparently final "Install" button).

    Would I actually have to have the installer try to copy (replace) files for the issue to appear? From the original description of the issue that doesn't seem to make sense. It appears I'm already running the "Install OS X Mountain Lion" application, without getting any expired certificate error.

    How can I verify this issue could really occur with my installers without actually doing a re-install?
     
  19. Glassed Silver macrumors 68000

    Glassed Silver

    Joined:
    Mar 10, 2007
    Location:
    Kassel, Germany
    #19
    Thanks nanny Apple.

    You could just remove the DRM from OS X entirely and let me mind my own business instead, too.
    Provide hash values for the installers and all is fine.
    I know this isn't the easy way for everyone, but why not provide both options?

    Glassed Silver:mac
     
  20. tywebb13, Mar 3, 2016
    Last edited: Mar 3, 2016

    tywebb13 macrumors 68000

    Joined:
    Apr 21, 2012
    #20
    The new one will expire on February 7, 2023.

    Trouble is how many new OS X systems will there be before then? Including the old ones starting from Lion, probably about 11. This will be much harder to redownload than the 5 we need to redownload now. They need to make an exception for OS X installers and remove the certificate altogether.
     
  21. Mr. Retrofire, Mar 3, 2016
    Last edited: Mar 3, 2016

    Mr. Retrofire macrumors 601

    Mr. Retrofire

    Joined:
    Mar 2, 2010
    Location:
    www.emiliana.cl/en
    #21
    @Glassed Silver:
    The installer application certificate is nonsense because the Mac App Store does download the OS X installers via an encrypted connection, which ensures that the user obtains a valid installer application from a verified IP address. See also:
    https://www.ssllabs.com/ssltest/analyze.html?d=swscan.apple.com&latest

    If someone downloads OS X from other sources, it is his/her security problem, not a security problem for Apple.
     
  22. Westside guy macrumors 601

    Westside guy

    Joined:
    Oct 15, 2003
    Location:
    The soggy side of the Pacific NW
    #22
    This is a compelling argument to, whenever possible, avoid purchasing software through the Mac App Store.
     
  23. M2M, Mar 3, 2016
    Last edited: Mar 3, 2016

    M2M macrumors regular

    M2M

    Joined:
    Jan 12, 2009
    #23
    Don't you just have to lower security settings to be able to just install any software ? After done you can max security back ...

    As an alternative can't you just create a USB installer with Terminal commands ?
     
  24. JosephAW macrumors 6502a

    JosephAW

    Joined:
    May 14, 2012
    #24
    It's the new designed obsolescence. I had to set my date back when installing iLife 4 so this is nothing new. Also my Adobe cs3 installers had a similar issue with the updates. Fortunately you can set the date back on computers... For now.
    --- Post Merged, Mar 3, 2016 ---
    I wonder if iOS 8 will suffer from this? I should set my computer to 2023 and my phone and see if it will sync. Something tells me I might run into a problem and all my apps I purchased might be dead?
     
  25. DonutHands macrumors regular

    DonutHands

    Joined:
    Dec 20, 2011
    Location:
    Los Angeles
    #25
    Does anyone know if this also affects OS X installers created with DiskMakerX?
     

Share This Page