Checking macOS Installer Certificates

Posted by

I think I mentioned that Apple is in the process of renewing all the Security Certificates for their OS Installers. If you attempt to use an older macOS Installer (downloaded more than couple of weeks ago) it will come up with an “Application is Damaged” message. If you run an older version of macOS or do troubleshooting in older versions and need an older installer, then you should check the Security Certificate of the installer you have. Here is a way to do this using a cool little one-off App called Taccy from the Electric Light Company.

Taccy

If you are going to use the free App Taccy to check your installers, you need to download the latest 1.6 version. Taccy 1.6 can check macOS Sierra, High Sierra, Mojave and Catalina. Using the Taccy App is a two-step process. First, the App opens a Disk Image portion of the installer, then it opens part of the Disk Image contents to check the Certificate. 

Once you download Taccy, just boot it up and use the Mount Disk Image command in the File menu:

Mount Disk Image

Again, the way Taccy works is to navigate inside one of the installers to mount a certain Disk Image (more on that in a bit). Once the Disk Image is mounted, you can then open that Disk Image and continue to open one of it’s components that Taccy uses to check the Security Certificate. Yes, this is a bit convoluted, but if you really need to have reliable installers, it is worth the effort.

When you choose Mount Disk Image you will be taken to a list of your installers:

Installers

The first one I chose was High Sierra. When you choose an install package, it opens a window like this:

Install ESD

You want to click on the SharedSupport Folder and then select the InstallESD Disk Image to open. When you do, Taccy opens that Disk Image in the Finder like so:

Opened Disk Image

Click on InstallESD, then Packages. Choose the Core.pkg to be opened and checked by Taccy. Once you choose this package, Taccy runs for a while during the checkup process. I think mine ran for about 3-4 minutes. When it is finished it will display a window like this:

Taacy Results

This is the result for my High Sierra Installer. It shows “signed by a certificate that has since expired”. That installer needs to be replaced, if you can find it anywhere.

Now, I ran the same procedure for my Mojave Installer. However, before running Taccy I downloaded the most recent version of the Mojave Installer. After going through the above process I received this result:

Valid Certificate

A valid Certificate should look something like the above image.

Here is a link on the Electric Light website with more detailed information on how Taccy works.

Conclusion

I know this process is a bit involved, but it is a really accurate way to check the viability of your more recent macOS Installers. The Taccy App is free. I have used it on several Installers and it works quite well.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.