Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

OS X Installers Downloaded Prior to February 14 No Longer Work After Certificate Update

Stridder44 said:
You simply re-download a new copy? Sounds like a non-issue. But of course people will bitch about anything.
Click to expand...

This actually affected me. Had to use a USB installer twice last month, once on the 11th and again on the 17th. The second time it just didn't work and had no idea why. The client location I was at had a single T1 as their internet connection which is about ~1Mbps (which he raved about how fast it was). This meant that it was going to take me 11 hours to re-download an installer from the App store if I did it while I was there.

Fortunately I had a virtualized OS X server on my laptop with a 10.11.2 net install that didn't appear to be affected so I was able to finish my project without having to come back the next day.
 
  • Like
Reactions: ReneR, Brian33 and milo
OllyW said:
El Capitan and Yosemite are unavailable for me but I can download all the previous versions. :(
Click to expand...
Do you happen to have those two installers either on your internal drive or on an attached external drive. If the MAS sees those installers anywhere it will show that "Downloaded" button and not allow you DL again. That has been my experience anyway.

Mine for Yosemite and El Capitan both show "Download."
[doublepost=1457105958][/doublepost]
OLDCODGER said:
Question, if I may: Where do certs get stored? I don't allow Apple to talk to my Mac, and am still on Snow Leopard, so how can I be prevented from a reinstall?
Click to expand...
They are stored in the Keychain application.
 
  • Like
Reactions: JoeInMilwaukee, CoastalOR, OllyW and 1 other person
Why the heck can't they set these certificates to expire far enough into the future that this will never be a problem?

Just set them to expire Dec 31 2099 or something. You can work around them by setting the date back anyway, so it's not like this effectively prevents installs. It's just annoying.
 
stiligFox said:
Does this affect my Snow Leopard official Apple install discs?

Also - it's gonna be a pain to redownload all the OS's and recreate my install drives. Will give me something to do during spring break...
Click to expand...
I don't think so - I have 10.6 on a couple of keys that was made from a disc. I've just partitioned an old mini and am installing 10.6 off the key now, with no errors.
 
garirry said:
Apple needs to make it so that anyone can download any version of OS X at any time, even if it's not compatible with their system. It's annoying how I can't download any version of OS X on my MacBook because it isn't compatible, so I have to go search for another Mac and download from there.
Click to expand...

Exactly. I have one pretty old MacBook that I use as a spare machine for waching DVDs or grabbing a quick news check etc. I figured to download El Capitan onto that thing, and then make an installer for upgrading my main laptop and a a newer spare. Wrong....
 
Stridder44 said:
You simply re-download a new copy? Sounds like a non-issue. But of course people will bitch about anything.
Click to expand...

Only the re-download is disabled ! I can see them in the list of purchases (Lion, Mavericks, Yosemite and ElCap) but I can only download ElCapitan - all the others are disabled (greyed out). Any suggestions ?
ETA 2hours35
 
So any non-App Store installers are unaffected by this (10.0-10.6)? How about the Lion installer USB that Apple sold in 2011-2012 for ~$69? As that's not downloaded off the App Store, would it also be unaffected?
 
**** like this is why I strongly prefer to buy all of my apps from third-party websites.
 
jonnysods said:
Man why would they do that? My friend has an older machine and I wouldn't recommend it goes past mountain lion, but a fresh install will be a big hassle to them because they don't know Terminal commands! (they don't even know what Terminal is)
Click to expand...

Because certificate checking is a critical part of ensuring that the software you are installing is legitimate and has not been tampered with.

Certificates expire so that in case anyone has stolen the keys or cracked them, the window of vulnerability for people being tricked by them is smaller.
 
OllyW said:
El Capitan and Yosemite are unavailable for me but I can download all the previous versions. :(

View attachment 619709
Click to expand...
I had that happen with my wife's computer. I moved her SSD from her 2008 MacBook to a 2012 MacBook Pro and I needed to reinstall OS X 10.11.2 to enable Handoff but it wouldn't download right. It wouldn't appear in the Applications or anything. I kept trying with no luck, then finally decided to search with Spotlight and it found it, strangely enough, and I was able to run the installer even though it was nowhere to be found on the computer. Then the version it installed was 10.11, kinda weird.
[doublepost=1457161491][/doublepost]This appears to only affect original installers and not USB drives created with something such as DiskMakerX correct? I guess I can delete my backup installers now :/
 
OLDCODGER said:
Question, if I may: Where do certs get stored? I don't allow Apple to talk to my Mac, and am still on Snow Leopard, so how can I be prevented from a reinstall?
Click to expand...

Why, everybody knows that all the Apple certificates are on the same server as the Dormant Cyber Pathogen. ;)
 
  • Like
Reactions: OLDCODGER
Weaselboy said:
Do you happen to have those two installers either on your internal drive or on an attached external drive. If the MAS sees those installers anywhere it will show that "Downloaded" button and not allow you DL again. That has been my experience anyway.

Mine for Yosemite and El Capitan both show "Download."
Click to expand...
Thanks, you've solved it. :cool:

I deleted the old installers from the external drive and they are both now available as downloads in the MAS. At first El Capitan was still greyed out but it returned after a reboot.
 
  • Like
Reactions: JoeInMilwaukee, You are the One and Weaselboy
throAU said:
Because certificate checking is a critical part of ensuring that the software you are installing is legitimate and has not been tampered with.

Certificates expire so that in case anyone has stolen the keys or cracked them, the window of vulnerability for people being tricked by them is smaller.
Click to expand...
So the new cert expire 2023 if I remember correctly. You call that a small window?
 
Carlanga said:
So the new cert expire 2023 if I remember correctly. You call that a small window?
Click to expand...
OK to explain properly... the certificates are set to expire within a time-frame that is 'safe' from key cracking.

i.e., it is assumed that based on current and projected processing power that 2023 would be a reasonable time frame for the key length of the current cert to be safe from a committed adversary like the US government for example. e.g., it is considered unlikely that the key could be cracked before 2023, but confidence beyond that point is not good.

Older certificates may have used shorter keys (because using longer keys requires more CPU).

If keys are stolen (rather than cracked) apple can revoke the certificates before they expire.
 
This is really unreliable annoying, silly, ... if this would be Windows we would all be lying on the floor laughing, ...
... but, unfortunately this is where the state of Mac OS X has come to, ...
I wish there still would be security and bug-fixes for 10.6, ...
One major version bump per year also appears to be too much for a sane user experience on the Mac, ...
 
  • Like
Reactions: temhawk
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back