Mike Wuerthele
If you're like us, you've got a pile of macOS installers of various vintages lying about ready to go at a moment's notice. The problem with that is, the certificates on most of them them expire today, making them useless.
So here's what's going on — Apple has security certificates on installers for macOS. Nearly all of these for older versions of the operating systems expire at some point on Thursday. It's not Apple's root certificate — which would be worse — but the primary and intermediate certificates that are expiring.
This means that all of those USB sticks that you've pre-loaded installs that you made that aren't Catalina are probably not going to work when you need them to. So, it's time to update them.
But maybe not just yet, though. As pointed out by a post on Medium, and confirmed just before we took this article live, the macOS Mojave 10.14.6 updater presently available through Apple has the old certificate. Therefore, you can download it now, but it won't work if you do, because it won't validate as it is after 1:29 PM Eastern time — when the package expired.
Installed operating systems are fine, so there's nothing to worry about there. But, if you try to run an installer, you'll get a warning that the copy of the installer may be damaged, or will just fail to open because the package isn't trusted any more.
So, if you're a system administrator, or just like to be prepared, there's a little work to do to keep your tools functional. You may just want to wait until after October 24 to do it.
This has all happened before, and it will happen again. Fortunately, at least for the operating systems, you won't have to do it again until 2029 after you get the new images.
William Gallagher
Christine McKee
AppleInsider Staff
Chip Loder
Malcolm Owen
30 Comments
The intermediate "Apple Software Update Certification Authority" certificate expiration seems to be a concern. Wouldn't they keep that one renewed? Is this an oversight?
Certificates are managed at the Certificate Authority. Wouldn't Software Update reach out to see if there's a renewed certificate in the same way that browsers do for websites? But then again, certificates are stored within website hosting environments, so if the same happens for these software packages (the certificate bundled within), that does pose a problem.
Hey AppleInsider, to get a clean capture of windows, do this:
This works for Quick Look windows, too.
You know there is a very easy fix here!
The installer looks at its certificates and the systems date. So as long as the systems date is older than the expiring cert the installer won't be the wiser!
As an example I just installed Sierra on an old 2011 iMac. I altered the systems Date & Time setting to manual and then back dated it to Jan 2017. Restarted the system and then ran the OS installer USB thumb drive I've setup. Once done reset the Date and Time to automatic and its done!