Mac OS X Server: Software Update Certificate expiration

The certificate used by Apple to sign many updates for OS X Lion and Mac OS X v10.6 Snow Leopard expires on March 23, 2012.

This article has been archived and is no longer updated by Apple.

Mac OS X Server administrators who are managing their own Software Update servers should remove all updates signed with the expired certificates and redownload the updates from Apple.

Apple uses a certificate to sign both automatic software updates for OS X Lion and Mac OS X v10.6 Snow Leopard to ensure that they have not been altered when downloaded. All cryptographic certificates have an expiration date, and the certificate used to sign previous updates expires on March 23, 2012. As of March 22, 2012 Apple has reposted all current automatic updates for OS X Lion and Mac OS X v10.6 Snow Leopard. They are identical to the previous updates except that they are signed by a new certificate which expires in 2019.

Mac OS X Server Software Update Service administrators will need to manually remove the older updates and download the new ones.

If you do not remove the older updates, you may see two copies of some updates in Server Admin, your users may see the message "The update could not be verified" when trying to install a software update, and you will use up to twice as much disk space to store software updates.

Use these steps to remove the older updates:

  1. Open Server Admin.
  2. Stop the Software Update service.
  3. Click the Settings tab.
  4. The storage directory for your software updates is listed next to "Store updates in:". Locate this folder in the Finder.
  5. Delete the folder named "html" inside it. You will need to use the sudo command or enter an administrator password in the Finder.
  6. Start the Software Update service in Server Admin.

If you have "Copy all updates from Apple" selected in the Settings tab of the Software Update service in Server Admin, the new updates will be downloaded from Apple automatically. Otherwise, copy the updates that you need in the Updates pane.

Important information if you have "Delete outdated software updates" unchecked

Apple will only repost the updates that are current at the time of the certificate expiration. For example, the OS X Lion v10.7.3 update will be reposted, but not v10.7.2 or v10.7.1. The Mac OS X v10.6.8 update will be reposted, but not v10.6.7. If you have preserved these earlier updates on your Software Update server, they will no longer be valid for installation after March 23. You will need to remove them and they will not be replaced.

Earlier updates such as OS X Lion v10.7.2 will continue to be available as manual downloads from Apple Support Downloads.

Published Date: