OS X Installers Downloaded Prior to February 14 No Longer Work After Certificate Update

Discussion in 'Mac Blog Discussion' started by MacRumors, Mar 3, 2016.

  1. MacRumors macrumors bot


    Apr 12, 2001

    Back in February, Apple's Worldwide Developer Certificate, designed to verify third-party apps and services, expired, requiring Apple to issue a new certificate for developers to use.

    As pointed out by TidBITS (via Ars Technica) a side effect of the replacement of the certificate causes older OS X installers to fail to launch. OS X installation files downloaded from the Mac App Store before February 14, 2016 and stored on a computer or USB drive are no longer functional. This includes installation files for OS X El Capitan and older versions of OS X like Mavericks and Mountain Lion.

    Image via TidBITS

    Users who keep OS X installers on hand or have created USB install disks in case of emergencies should replace their files with new versions by re-downloading them through the Mac App Store using purchased history. TidBITS points out that some older versions of OS X, like Lion, will not be downloadable on newer machines. Users who can't replace an expired certificate can still use older installers by changing the dates on their machines.
    Apple's certificate renewal process resulted in some problems for developers and Mac users back in November, as it caused multiple Mac App Store apps to display a "damaged" error and fail to open. Apple quickly addressed the issue and has helped developers transition to the new certificate.

    Article Link: OS X Installers Downloaded Prior to February 14 No Longer Work After Certificate Update
  2. garirry macrumors 68000


    Apr 27, 2013
    Canada is my city
    Apple needs to make it so that anyone can download any version of OS X at any time, even if it's not compatible with their system. It's annoying how I can't download any version of OS X on my MacBook because it isn't compatible, so I have to go search for another Mac and download from there.
  3. 0815 macrumors 68000


    Jul 9, 2010
    here and there but not over there
    But be careful not to set the date to January 1st, 1970 ... you don't want to brick your mac ;)
  4. pat500000 macrumors G3


    Jun 3, 2015
    This is stupid. I don't believe people as the consumers need to deal with this issue. This should have been resolved long time ago.
  5. anzio macrumors 6502

    Dec 5, 2010
    Innisfil, Ontario, Canada
    It's an expired certificate? It's not really an issue. You need to grab a new copy that's signed with the new certificate.
  6. jonnysods macrumors 603


    Sep 20, 2006
    There & Back Again
    Man why would they do that? My friend has an older machine and I wouldn't recommend it goes past mountain lion, but a fresh install will be a big hassle to them because they don't know Terminal commands! (they don't even know what Terminal is)
  7. emm386 macrumors 6502


    Feb 5, 2016
    Apple screwed up big time here, I'm sure we all remember. Essentially though, the certification system is what's broken here.
    really annoying though I find is, that the plain simple user is no more the authority over his own system.

    A user should always be able to override what a system thinks is its best intent. Even if it's the wrong decision, even if I have to deal with catastrophic consequences: I (and no one else) should be able to decide, what's happening on my system. I can live with my computer misbehaving and me having to carry the consequences. but I can not live with the fact, that I no longer am in control. Admittedly, not even Microsoft gets this nowadays. at least not to the level I used to.
  8. elchuz macrumors newbie

    Mar 3, 2016
  9. Luke MacWalker macrumors member

    Jun 10, 2014
    Well said!
  10. macsba macrumors 6502

    Jan 5, 2015
    Next to my Mac.
    I haven't tried it but after right-clicking on the installer to show package contents and drilling down to the ESD file. Would the ESD file installer bypass the certificate? Just wondering.
  11. Stridder44 macrumors 68040


    Mar 24, 2003
    You simply re-download a new copy? Sounds like a non-issue. But of course people will bitch about anything.
  12. firewood macrumors 604

    Jul 29, 2003
    Silicon Valley
    Unless you are located somewhere remote with no broadband or even any reliable internet.
  13. jonblatho macrumors 6502a


    Jan 20, 2014
    You do realize the implications of a user being too lazy to download a new copy of OS X and instead jumping through whatever hoops necessary to install a copy of OS X that may have been maliciously modified, right?
  14. drumcat macrumors 6502


    Feb 28, 2008
    Otautahi, Aotearoa
    Or you have monthly data limits for your broadband.
  15. emm386, Mar 3, 2016
    Last edited: Mar 3, 2016

    emm386 macrumors 6502


    Feb 5, 2016
    Yes, I do. I can do hash checks myself. And a good setup routine could even do that for me.

    But that wasn't my point.
  16. macs4nw macrumors 601


    I share your frustration :(:mad::(, believe me, but I can also appreciate where Apple is coming from.

    It's probably a carefully calculated decision on their part that there's massively more potential PR harm from untold compatibility conflicts in the Mac user community, than from a small but vocal group of users who want to chart their own software usage future.
  17. Brian33 macrumors 6502a

    Apr 30, 2008
    USA (Virginia)
    Can anyone tell me how I can verify that my saved installers have this problem, as I can't seem to reproduce the error message!

    I created a flash USB installer stick for Mountain Lion long ago, and I can still boot (an appropriate machine) with it. In the "OS X Utilities" window I select "Reininstall OS X" and click Continue, which brings me to "Install OS X Mountain Lion" window. From there I can click Continue --> Agree--> and select a disk, and never see an error message (but I stopped short of clicking on the apparently final "Install" button).

    Would I actually have to have the installer try to copy (replace) files for the issue to appear? From the original description of the issue that doesn't seem to make sense. It appears I'm already running the "Install OS X Mountain Lion" application, without getting any expired certificate error.

    How can I verify this issue could really occur with my installers without actually doing a re-install?
  18. Glassed Silver macrumors 68020

    Glassed Silver

    Mar 10, 2007
    Kassel, Germany
    Thanks nanny Apple.

    You could just remove the DRM from OS X entirely and let me mind my own business instead, too.
    Provide hash values for the installers and all is fine.
    I know this isn't the easy way for everyone, but why not provide both options?

    Glassed Silver:mac
  19. tywebb13, Mar 3, 2016
    Last edited: Mar 3, 2016

    tywebb13 macrumors 68020

    Apr 21, 2012
    The new one will expire on February 7, 2023.

    Trouble is how many new OS X systems will there be before then? Including the old ones starting from Lion, probably about 11. This will be much harder to redownload than the 5 we need to redownload now. They need to make an exception for OS X installers and remove the certificate altogether.
  20. Mr. Retrofire, Mar 3, 2016
    Last edited: Mar 3, 2016

    Mr. Retrofire macrumors 601

    Mr. Retrofire

    Mar 2, 2010
    @Glassed Silver:
    The installer application certificate is nonsense because the Mac App Store does download the OS X installers via an encrypted connection, which ensures that the user obtains a valid installer application from a verified IP address. See also:

    If someone downloads OS X from other sources, it is his/her security problem, not a security problem for Apple.
  21. Westside guy macrumors 603

    Westside guy

    Oct 15, 2003
    The soggy side of the Pacific NW
    This is a compelling argument to, whenever possible, avoid purchasing software through the Mac App Store.
  22. M2M, Mar 3, 2016
    Last edited: Mar 3, 2016

    M2M macrumors 6502


    Jan 12, 2009
    Don't you just have to lower security settings to be able to just install any software ? After done you can max security back ...

    As an alternative can't you just create a USB installer with Terminal commands ?
  23. JosephAW macrumors 68000


    May 14, 2012
    It's the new designed obsolescence. I had to set my date back when installing iLife 4 so this is nothing new. Also my Adobe cs3 installers had a similar issue with the updates. Fortunately you can set the date back on computers... For now.
    --- Post Merged, Mar 3, 2016 ---
    I wonder if iOS 8 will suffer from this? I should set my computer to 2023 and my phone and see if it will sync. Something tells me I might run into a problem and all my apps I purchased might be dead?
  24. DonutHands macrumors regular


    Dec 20, 2011
    Los Angeles
    Does anyone know if this also affects OS X installers created with DiskMakerX?

Share This Page