OS X Installers Downloaded Prior to February 14 No Longer Work After Certificate Update

Discussion in 'Mac Blog Discussion' started by MacRumors, Mar 3, 2016.

  1. einsteinbqat macrumors regular

    einsteinbqat

    Joined:
    Nov 3, 2012
    Location:
    Canada
    #51
    Downloading El Capitan again to update my USB
     
  2. Izlib macrumors member

    Izlib

    Joined:
    Apr 24, 2008
    #52
    This actually affected me. Had to use a USB installer twice last month, once on the 11th and again on the 17th. The second time it just didn't work and had no idea why. The client location I was at had a single T1 as their internet connection which is about ~1Mbps (which he raved about how fast it was). This meant that it was going to take me 11 hours to re-download an installer from the App store if I did it while I was there.

    Fortunately I had a virtualized OS X server on my laptop with a 10.11.2 net install that didn't appear to be affected so I was able to finish my project without having to come back the next day.
     
  3. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #53
    Do you happen to have those two installers either on your internal drive or on an attached external drive. If the MAS sees those installers anywhere it will show that "Downloaded" button and not allow you DL again. That has been my experience anyway.

    Mine for Yosemite and El Capitan both show "Download."
    --- Post Merged, Mar 4, 2016 ---
    They are stored in the Keychain application.
     
  4. zorinlynx macrumors 603

    zorinlynx

    Joined:
    May 31, 2007
    Location:
    Florida, USA
    #54
    Why the heck can't they set these certificates to expire far enough into the future that this will never be a problem?

    Just set them to expire Dec 31 2099 or something. You can work around them by setting the date back anyway, so it's not like this effectively prevents installs. It's just annoying.
     
  5. Mr_Brightside_@ macrumors 68030

    Mr_Brightside_@

    Joined:
    Sep 23, 2005
    Location:
    Toronto
    #55
    I don't think so - I have 10.6 on a couple of keys that was made from a disc. I've just partitioned an old mini and am installing 10.6 off the key now, with no errors.
     
  6. Adam552 macrumors 6502

    Joined:
    May 30, 2006
    Location:
    Liverpool, UK.
  7. LizKat macrumors 68040

    LizKat

    Joined:
    Aug 5, 2004
    Location:
    Catskill Mountains
    #57
    Exactly. I have one pretty old MacBook that I use as a spare machine for waching DVDs or grabbing a quick news check etc. I figured to download El Capitan onto that thing, and then make an installer for upgrading my main laptop and a a newer spare. Wrong....
     
  8. bergert macrumors regular

    Joined:
    Jun 24, 2008
    #58
    Only the re-download is disabled ! I can see them in the list of purchases (Lion, Mavericks, Yosemite and ElCap) but I can only download ElCapitan - all the others are disabled (greyed out). Any suggestions ?
    ETA 2hours35
     
  9. JoeInMilwaukee macrumors member

    Joined:
    Apr 7, 2015
    Location:
    Milwaukee, WI
    #59
    Let's see...how long will it take me to re-download Lion, Mountain Lion, Mavericks, Yosemite, and El Capitan on my 768 kbps (at best) internet connection? :rolleyes:
     
  10. KoolAid-Drink macrumors 65816

    Joined:
    Sep 18, 2013
    Location:
    California
    #61
    So any non-App Store installers are unaffected by this (10.0-10.6)? How about the Lion installer USB that Apple sold in 2011-2012 for ~$69? As that's not downloaded off the App Store, would it also be unaffected?
     
  11. stiligFox macrumors 65816

    stiligFox

    Joined:
    Apr 24, 2009
    Location:
    10.0.1.3
    #62
    Cool, thanks!
     
  12. You are the One macrumors 6502a

    You are the One

    Joined:
    Dec 25, 2014
    Location:
    In the present
    #63
    **** happens sometimes, even to Apple. What you want to do? Find the guilty and send him/her to Gitmo?
     
  13. OLDCODGER macrumors 6502a

    Joined:
    Jul 27, 2011
    Location:
    Lucky Country
    #64
    Thanks, much appreciated!
     
  14. Carlanga macrumors 604

    Carlanga

    Joined:
    Nov 5, 2009
    #65
    Lion comes before mountain lion.
     
  15. Kajje macrumors 6502a

    Kajje

    Joined:
    Dec 6, 2012
    Location:
    Asia
    #66
    Please use proper caps. Part of the feline population is offended by your assumption. They're all special and beautiful.
     
  16. temhawk macrumors member

    Joined:
    Jun 22, 2010
    #67
    **** like this is why I strongly prefer to buy all of my apps from third-party websites.
     
  17. throAU macrumors 603

    throAU

    Joined:
    Feb 13, 2012
    Location:
    Perth, Western Australia
    #68
    Because certificate checking is a critical part of ensuring that the software you are installing is legitimate and has not been tampered with.

    Certificates expire so that in case anyone has stolen the keys or cracked them, the window of vulnerability for people being tricked by them is smaller.
     
  18. GoodWheaties macrumors 6502a

    GoodWheaties

    Joined:
    Jul 8, 2015
    #69
    I had that happen with my wife's computer. I moved her SSD from her 2008 MacBook to a 2012 MacBook Pro and I needed to reinstall OS X 10.11.2 to enable Handoff but it wouldn't download right. It wouldn't appear in the Applications or anything. I kept trying with no luck, then finally decided to search with Spotlight and it found it, strangely enough, and I was able to run the installer even though it was nowhere to be found on the computer. Then the version it installed was 10.11, kinda weird.
    --- Post Merged, Mar 4, 2016 ---
    This appears to only affect original installers and not USB drives created with something such as DiskMakerX correct? I guess I can delete my backup installers now :/
     
  19. hax0rkine macrumors newbie

    Joined:
    Sep 27, 2012
    #70
    I do the same, too! As I'm typing this, Im downloading a fresh copy starting with Mavericks.
     
  20. JamesPDX Suspended

    JamesPDX

    Joined:
    Aug 26, 2014
    Location:
    USA
    #71
    Why, everybody knows that all the Apple certificates are on the same server as the Dormant Cyber Pathogen. ;)
     
  21. OllyW Moderator

    OllyW

    Staff Member

    Joined:
    Oct 11, 2005
    Location:
    The Black Country, England
    #72
    Thanks, you've solved it. :cool:

    I deleted the old installers from the external drive and they are both now available as downloads in the MAS. At first El Capitan was still greyed out but it returned after a reboot.
     
  22. Carlanga macrumors 604

    Carlanga

    Joined:
    Nov 5, 2009
    #73
    So the new cert expire 2023 if I remember correctly. You call that a small window?
     
  23. throAU macrumors 603

    throAU

    Joined:
    Feb 13, 2012
    Location:
    Perth, Western Australia
    #74
    OK to explain properly... the certificates are set to expire within a time-frame that is 'safe' from key cracking.

    i.e., it is assumed that based on current and projected processing power that 2023 would be a reasonable time frame for the key length of the current cert to be safe from a committed adversary like the US government for example. e.g., it is considered unlikely that the key could be cracked before 2023, but confidence beyond that point is not good.

    Older certificates may have used shorter keys (because using longer keys requires more CPU).

    If keys are stolen (rather than cracked) apple can revoke the certificates before they expire.
     
  24. ReneR macrumors 6502

    Joined:
    Jun 18, 2008
    Location:
    Berlin, Germany
    #75
    This is really unreliable annoying, silly, ... if this would be Windows we would all be lying on the floor laughing, ...
    ... but, unfortunately this is where the state of Mac OS X has come to, ...
    I wish there still would be security and bug-fixes for 10.6, ...
    One major version bump per year also appears to be too much for a sane user experience on the Mac, ...
     

Share This Page