OS X Installers Downloaded Prior to February 14 No Longer Work After Certificate Update

[MacRumors]

Back in February, Apple's Worldwide Developer Certificate, designed to verify third-party apps and services, expired, requiring Apple to issue a new certificate for developers to use.

As pointed out by TidBITS (via Ars Technica) a side effect of the replacement of the certificate causes older OS X installers to fail to launch. OS X installation files downloaded from the Mac App Store before February 14, 2016 and stored on a computer or USB drive are no longer functional. This includes installation files for OS X El Capitan and older versions of OS X like Mavericks and Mountain Lion.

Image via TidBITS​

​

Users who keep OS X installers on hand or have created USB install disks in case of emergencies should replace their files with new versions by re-downloading them through the Mac App Store using purchased history. TidBITS points out that some older versions of OS X, like Lion, will not be downloadable on newer machines. Users who can't replace an expired certificate can still use older installers by changing the dates on their machines.

If you are in the middle of an OS X install and get tripped up by the expired certificate, Randy Singer offers a suggestion on how you can work around the problem quickly, without having to download a new installer:

1. In the OS X Installer, choose Utilities > Terminal.
2. Enter date 0201010116 and press Return.
3. Quit Terminal and continue the install.

That Terminal command sets your system date to 1 February 2016 -- before the certificate's expiration -- so the installer can continue. Once you have completed the installation, visit System Preferences > Date & Time to reset the system date.

Apple's certificate renewal process resulted in some problems for developers and Mac users back in November, as it caused multiple Mac App Store apps to display a "damaged" error and fail to open. Apple quickly addressed the issue and has helped developers transition to the new certificate.

Article Link: OS X Installers Downloaded Prior to February 14 No Longer Work After Certificate Update

 

[garirry]

Apple needs to make it so that anyone can download any version of OS X at any time, even if it's not compatible with their system. It's annoying how I can't download any version of OS X on my MacBook because it isn't compatible, so I have to go search for another Mac and download from there.

 

[0815]

But be careful not to set the date to January 1st, 1970 ... you don't want to brick your mac

 

[pat500000]

This is stupid. I don't believe people as the consumers need to deal with this issue. This should have been resolved long time ago.

 

[anzio]

This is stupid. I don't believe people as the consumers need to deal with this issue. This should have been resolved long time ago.

It's an expired certificate? It's not really an issue. You need to grab a new copy that's signed with the new certificate.

 

[jonnysods]

Man why would they do that? My friend has an older machine and I wouldn't recommend it goes past mountain lion, but a fresh install will be a big hassle to them because they don't know Terminal commands! (they don't even know what Terminal is)

 

[emm386]

Apple screwed up big time here, I'm sure we all remember. Essentially though, the certification system is what's broken here.
really annoying though I find is, that the plain simple user is no more the authority over his own system.

A user should always be able to override what a system thinks is its best intent. Even if it's the wrong decision, even if I have to deal with catastrophic consequences: I (and no one else) should be able to decide, what's happening on my system. I can live with my computer misbehaving and me having to carry the consequences. but I can not live with the fact, that I no longer am in control. Admittedly, not even Microsoft gets this nowadays. at least not to the level I used to.

 

[elchuz]

AHHH!!! That´s explain a lot

 

[Luke MacWalker]

Apple screwed up big time here, I'm sure we all remember. Essentially though, the certification system is what's broken here.
really annoying though I find is, that the plain simple user is no more the authority over his own system.

A user should always be able to override what a system thinks is its best intent. Even if it's the wrong decision, even if I have to deal with catastrophic consequences: I (and no one else) should be able to decide, what's happening on my system. I can live with my computer misbehaving and me having to carry the consequences. but I can not live with the fact, that I no longer am in control. Admittedly, not even Microsoft gets this nowadays. at least not to the level I used to.

Well said!

 

[macsba]

I haven't tried it but after right-clicking on the installer to show package contents and drilling down to the ESD file. Would the ESD file installer bypass the certificate? Just wondering.

 

[Stridder44]

You simply re-download a new copy? Sounds like a non-issue. But of course people will bitch about anything.

 

[firewood]

You simply re-download a new copy? Sounds like a non-issue.

Unless you are located somewhere remote with no broadband or even any reliable internet.

 

[jonblatho]

Apple screwed up big time here, I'm sure we all remember. Essentially though, the certification system is what's broken here.
really annoying though I find is, that the plain simple user is no more the authority over his own system.

A user should always be able to override what a system thinks is its best intent. Even if it's the wrong decision, even if I have to deal with catastrophic consequences: I (and no one else) should be able to decide, what's happening on my system. I can live with my computer misbehaving and me having to carry the consequences. but I can not live with the fact, that I no longer am in control. Admittedly, not even Microsoft gets this nowadays. at least not to the level I used to.

You do realize the implications of a user being too lazy to download a new copy of OS X and instead jumping through whatever hoops necessary to install a copy of OS X that may have been maliciously modified, right?

 

[drumcat]

Unless you are located somewhere remote with no broadband or even any reliable internet.

Or you have monthly data limits for your broadband.

 

[emm386]

You do realize the implications of a user being too lazy to download a new copy of OS X and instead jumping through whatever hoops necessary to install a copy of OS X that may have been maliciously modified, right?

Yes, I do. I can do hash checks myself. And a good setup routine could even do that for me.

But that wasn't my point.

 

[Gasu E.]

Duh-Lated by user.

 

[macs4nw]

......A user should always be able to override what a system thinks is its best intent. Even if it's the wrong decision, even if I have to deal with catastrophic consequences: I (and no one else) should be able to decide, what's happening on my system. I can live with my computer misbehaving and me having to carry the consequences. but I can not live with the fact, that I no longer am in control. Admittedly, not even Microsoft gets this nowadays. at least not to the level I used to.

I share your frustration , believe me, but I can also appreciate where Apple is coming from.

It's probably a carefully calculated decision on their part that there's massively more potential PR harm from untold compatibility conflicts in the Mac user community, than from a small but vocal group of users who want to chart their own software usage future.

 

[Brian33]

Can anyone tell me how I can verify that my saved installers have this problem, as I can't seem to reproduce the error message!

I created a flash USB installer stick for Mountain Lion long ago, and I can still boot (an appropriate machine) with it. In the "OS X Utilities" window I select "Reininstall OS X" and click Continue, which brings me to "Install OS X Mountain Lion" window. From there I can click Continue --> Agree--> and select a disk, and never see an error message (but I stopped short of clicking on the apparently final "Install" button).

Would I actually have to have the installer try to copy (replace) files for the issue to appear? From the original description of the issue that doesn't seem to make sense. It appears I'm already running the "Install OS X Mountain Lion" application, without getting any expired certificate error.

How can I verify this issue could really occur with my installers without actually doing a re-install?

 

[Glassed Silver]

Thanks nanny Apple.

You could just remove the DRM from OS X entirely and let me mind my own business instead, too.
Provide hash values for the installers and all is fine.
I know this isn't the easy way for everyone, but why not provide both options?

Glassed Silver:mac

 

[tywebb13]

The new one will expire on February 7, 2023.

Trouble is how many new OS X systems will there be before then? Including the old ones starting from Lion, probably about 11. This will be much harder to redownload than the 5 we need to redownload now. They need to make an exception for OS X installers and remove the certificate altogether.

 

[Mr. Retrofire]

@Glassed Silver:
The installer application certificate is nonsense because the Mac App Store does download the OS X installers via an encrypted connection, which ensures that the user obtains a valid installer application from a verified IP address. See also:
https://www.ssllabs.com/ssltest/analyze.html?d=swscan.apple.com&latest

If someone downloads OS X from other sources, it is his/her security problem, not a security problem for Apple.

 

[Westside guy]

This is a compelling argument to, whenever possible, avoid purchasing software through the Mac App Store.

 

[M2M]

Don't you just have to lower security settings to be able to just install any software ? After done you can max security back ...

As an alternative can't you just create a USB installer with Terminal commands ?

 

[JosephAW]

It's the new designed obsolescence. I had to set my date back when installing iLife 4 so this is nothing new. Also my Adobe cs3 installers had a similar issue with the updates. Fortunately you can set the date back on computers... For now.
[doublepost=1457052500][/doublepost]I wonder if iOS 8 will suffer from this? I should set my computer to 2023 and my phone and see if it will sync. Something tells me I might run into a problem and all my apps I purchased might be dead?

 

[DonutHands]

Does anyone know if this also affects OS X installers created with DiskMakerX?