Redownload Archived macOS Installers to Address Expired Certificates

Is there a way to see when the signing certificates expire? I thought I knew how, but when I use that procedure it shows the Mojave and Catalina installers I just downloaded expiring in April of 2021 (which is better than last Thursday, but still only 1.5 years away.)

Yes, in theory (I haven’t tried this—too much happening today). Howard Oakley explains at:

For older OS’s that you can now download directly from the web (Sierra, El Capitan, Yosemite), open the .dmg and run the .pkg inside. The Installer window has a padlock in the top right corner you can click to see the certificate details. To do this with an “Install macOS ?.app” installer downloaded through the App Store, you have to right-click it, Show Package Contents, go to Contents/SharedSupport/, mount InstallESD.dmg, then open Packages/OSInstall.mpkg. I did this for copies of High Sierra and Mojave I just downloaded, they do expire April 14, 2029. Note that this doesn’t work if your computer is too new to run the OS you’re trying to check.

I’ll add that if your computer is too new to run a particular OS installer, you can still check if the package certificate is valid, not expired. Run this in Terminal: pkgutil --check-signature /path/to/installer.pkg. The command is for any signed package, not just Apple OS installers. Here’s the output for the Yosemite installer:

pkgutil --check-signature /Volumes/Install\ OS\ X/InstallMacOSX.pkg 
Package "InstallMacOSX.pkg":
   Status: signed Apple Software
   Certificate Chain:
    1. Software Update
       SHA1 fingerprint: 75 86 00 B2 79 B3 ED 1D B5 52 46 5B 17 63 E5 89 87 85 D5 73
       -----------------------------------------------------------------------------
    2. Apple Software Update Certification Authority
       SHA1 fingerprint: E3 30 E5 04 00 4B D2 5C 45 80 0A F2 D5 1B 03 D5 77 27 B7 01
       -----------------------------------------------------------------------------
    3. Apple Root CA
       SHA1 fingerprint: 61 1E 5B 66 2C 59 3A 08 FF 58 D1 4A E2 24 52 D1 98 DF 6C 60

When I run the same command on OSInstall.mpkg from within the Mojave installer, the fingerprints are identical so that means the expiration dates are the same.

Thanks all. I was looking at the codesigning certificates on the installer applications themselves, when I dig down to the actual packages I see the 2029 date as expected.

I don’t get this. As explained in the macOS Code Signing in Depth technical note:

Signatures with cryptographic timestamps are validated against the signing time … the code signing and validation engines accept signatures made with expired certificates. This means that your signed code will not become invalid when your certificate expires.

In other words, when a code-signed application is validated, what matters is whether the certificate was valid as of the time the code was signed, not whether it later expires (unless, of course, it is revoked).

So why are we having to re-download the installers again? Is Apple not following their own rules?

Code signing applications is not the same as signing installation packages.

When I try to get the High Sierra or Mojave installers, the link takes me to a page where the link only takes me to the app store where those installers do not appear anywhere that I can see. The links for El Capitan, Sierra, and Yosemite got me to a page where I could download a dmg so those seem to work.

Just checked what I can download from an iMac running High Sierra and I am currently downloading Lion. Will report certificate status later.

Just ran the freshly downloaded Lion installer. No complaints about expired certificates. However, I can not find the certificate information in the location that Curtis described.

Similar problem for me:

• currently installed and running MacOS is Mojave 10.14.6

• both the Mojave and High Sierra links open up the App Store which promptly throws up an error message saying “Cannot connect to the App Store”. The error message is actually not true as I CAN search the App Store, check my account details, etc so must be connected.

• Sierra, El Capitan and Yosemite all download.

Strange.

Cheers, Gobit

Right now I’m also getting a “Cannot Connect to App Store” dialog, maybe these specific resources are overloaded because so many people want the installers with current certificates.

Can you please provide the link you used to download Lion? Others have found they couldn’t locate OS installers older than Yosemite. If you downloaded it from within the App Store, the view within the Store should have a button with three dots next to the “Get” button, the three dots button has a Copy Link option.

If you ran an OS installer that ends in .app, it won’t have the padlock in the top right corner, that’s only displayed for .pkg (and .mpkg) files opened by Installer.

This applies to other Apple installers besides macOS installers. We have been using a Ricoh printer driver installer from Apple that quit working last week, too.

I have the same problems and get the same response on my 2017 iMac running Mojave and it was really bugging me until I saw that I wasn’t alone. Now I have hope that someone will find a solution or I will go with the date change workaround with the Installer I have.

I also was able to download the Yosemite, El Capitan and Sierra installers using the direct link in the Apple support documents, but the High Sierra and Mojave support documents lead to the ‘Cannot connect to App Store’ message.

So I called Apple and a senior AppleCare advisor told me he got the same message. He elevated the issue to engineering and said he’ll get back to me if engineering tells him anything. Will post what he says if he connects with me again.

I am sure that I am no where the technical level of the rest of you … so please do not laugh at this question. I just spent more than 2 hours in a chat with Apple support only to be told I could not upgrade any longer to Mojave from my current Sierra. At the very end of the chat I discovered this site and this info. No one at Apple knew anything about this … I spoke to 3 different people during my chat.

My question, can use the link you provided for Mojave that took me to app store to upgrade my Sierra to Mojave without any problems? Hoping I do not need any special computer software skills.

I truly appreciate any help and/or direction.
Thank you.

If you’re using a Mac that supports Mojave (which that page will clarify), then yes, you should be able to use the link in the article to download Mojave and install it. People were seeing App Store errors earlier today, but I just got through in another test, so it’s possible that Apple has fixed those.

As others have noted High Sierra and Mojave are obtained via the App Store. I am still using El Capitan but had older copies of High Sierra and Mojave stored on my computer for future consideration. The App Store wanted to open these copies so I had to trash them before the updated copies would download.

In the High Sierra App Store, I get a download button for my purchases. It does not show up in a search, which is where I would get the GET button. I played around with the option, ctrl and command buttons, but no option to get the link.

Not sure why you would need it, but the link is available on the Apple Support page as https://itunes.apple.com/us/app/macos-high-sierra/id1246284741?ls=1&mt=12.

Maybe it works perfectly. But I would go via upgrading to High Sierra. There might be a valid reason. Maybe something with the conversion to APFS? Another way to upgrade to Mojave I discovered by accident. Try cmd-opt-R -> Internet Recovery and see which OS you get. My 90 years old mother-in-law is now on the bleeding edge with Mojave.

Three times today tried downloading the macOS Mojave installer, to a MacBook Pro (15-inch, 2018) running Mojave and each time it downloaded and reported “application is damaged damaged and can’t be used to install mac OS.” I want to have a fresh installer so I can install Mojave on a new volume to run Parallels Desktop for some 32 bit apps. Any suggestions?

Did you try the softwareupdate command in Terminal, just to see if it’s different?

I get the impression that Apple threw lots of stuff up in the air with these updates, so I hope things will be settling down in the next few weeks.

Tried Terminal commands:
softwareupdate (provides the modifier commands)
softwareupdate -d (just says Software Update Tool)
and -l (just says Software Update Tool)

Can you provide the specific command to just download the Mojave installer?

From the article, with the correct version number:

softwareupdate --fetch-full-installer --full-installer-version 10.14.6

As I read the article that command is new under Catalina. I explained above I am still running Mojave. I want to be sure I have a Mojave installer before upgrading and optimally already installed on a partition running Mojave with Parallels Desktop before upgrading. In any case this command did not work for me on Mojave, this is the response from terminal:

softwareupdate --fetch-full-installer --full-installer-version 10.14.6
softwareupdate: unrecognized option `--fetch-full-installer'
softwareupdate: unrecognized option `--full-installer-version'

Oh sorry, my mistake. Yes, that command only works in Catalina. You might be able to find something that works in Mojave by trawling the Mac sysadmin blogs like Der Flounder and Krypted.

https://itunes.apple.com/us/app/macos-mojave/id1398502828?ls=1&mt=12

Thanks for these links, Adam. This is a useful community service. All of them worked for me except High Sierra, which required me to download DosDude1’s macOS High Sierra Patcher Tool for Unsupported Macs. That worked just fine. Now I have a complete collection of OS.

The main ones I use today are:

1. Snow Leopard (on an old Mac Pro 1,1)
2. Mountain Lion on a MacBook Air 2011 1.4GHz 4GB RAM
3. El Capitan on everything else (work Mac Pro 6 core 3.46 GHz, 2011 MBP 17, 2011 MBP 15)
4. Mojave on a Mac Pro 5,1 12-core 3.33 GHz

I really dislike Mojave but installed it to use the latest FCPX and for better performance on a Radeon RX580. The 32 bit warnings are extremely tiresome and dark mode gets dull after awhile too. It looks like I might have to go to switch from El Capitan to High Sierra across the board to use the latest version of some photo software I like. Dreading having to deal with High Sierra vagaries on three different computers. Very worried about performance fall-off, particularly on the laptops.

I lurk in reddit.com/r/applehelp, trying to help other Apple users. Just today someone posted about having upgraded to Catalina and now trying to re-download Catalina again from the app store to make a USB installer (they forgot the first time). This second installer would download, give them an error, and erase the download. I passed on this article, and they used the new Catalina ability to “fetch” the installer(s), and this worked for them. So I was able to pass on your great article so someone immediately!

Many thanks Al, downloading Mojave from the (http://itunes.apple.com) link you provided worked!

Great Article, I’ve been able to download ALL the installers 10.10 to 10.15 and make them all work EXCEPT for the Sierra Installer! I’ve tried several times on several Macs and can not make an external installer. I’m using Install Disk Creator and I’ve also tried DiskMakerX. Just gives an error when trying to make the installer.

Anyone have any advice?

Thank you.

More from Der Flounder. Apple has been having trouble getting all these things reposted properly, so if something didn’t work, try again later.

You could always just turn dark mode off…

The day the TidBITS article appeared I tried downloading the installers and had problems downloading the ones from the Mac App Store. I reported the screwup of the missing archived macOS installers to a senior AppleCare advisor. Sure enough, he, too could not download them from the Mac App Store. He agreed it was screwed up and reported it to engineering.

I received an email from the senior AppleCare advisor today:

‘‘I wanted to reach out to let you know that I received an update to our case. The installer for macOS High Sierra was being updated when you were attempting to download. You should now be able to download it and any other update after as well. Please let me know if you are successful with downloading.’’

I was also able to download both the High Sierra and Mojave installer from the Mac App Store. And for good measure I re-downloaded the Yosemite, El Capitan, and Sierra installers.

Haven’t tried installing them though. Hope I never have to.

I’m in exactly the same situation, except I also tried the older Terminal command to accomplish this and even that failed.

I did all that in Catalina, so I’m next going to try those methods in some other OS, starting with Sierra.

David, would you please post the URL for that site?

They appear to all have been fixed now. Mostly problems with the CDN mirrors, I’m told. In any case I haven’t had any more problems for the last couple of days now with all the links listed in the article.

@taryfast – I downloaded the installers using the links in the originally published TidBITS article:

The article lists the Apple support documents for installing Yosemite, El Capitan, Sierra, High Sierra, Mojave and Catalina. Each of the support documents has links to the installers, and according to the senior AppleCare advisor those links are the official way to obtain the installers.

No dice here today. Just downloaded Sierra’s installer again, tried to make a bootable with the same error as yesterday.

Has anyone gotten Sierra to work? How?

Thank you,

I may have found a workaround, but still need to test it before sending folks on a wild goose chase. More when I get time.

Added: Doesn’t work.

After downloading the macOS Mojave installer from that link, then opening the file, I still get the error message:

This copy of the Install macOS Mojave application is damaged, and can‘t be used to install macOS.

Any other ideas?

There appears to be a bug in Apple’s latest release of the Sierra installer (with new certificate). I’ve been unable to create a bootable installer from it and have seen multiple reports across the internet of the same. Hopefully they will fix it soon. If anyone has discovered a workaround, please let me know. Thanks!

I got one report of a Slack #MacAdmins #Sierra subscriber that he got it to work yesterday, so started a discussion with him to see if he has a workaround.

Using Terminal I get the following error right after it starts:

/Volumes/MyVolume is not a valid volume mount point.

I can see in Finder and Disk Utility that it is mounted there and can cd to it in Terminal, so not sure why createinstallmedia isn’t able to.

Using various versions of DiskMakerX, Install Creator and another app developed by a colleague, in OS Sierra, Mojave and Catalina, I get a variety of error messages, but none of them are able to accomplish the first step, which is erasing the target volume after entering my admin password.

-Al-

Where in all that crap is the expiraion date?

I got them all to download, except High Sierra. On the app store page for HS I got an Open button, even though I had unmounted my archive volume that contained the HS installer. So I used the macOS High Sierra Patcher tool as you directed, getting the installer download instruction from the Tools menu. Great app. High Sierra was them downloaded to my specified location. So now I have updated apps for all the macOS X installers in your list. However, this was the only one, besides Mojave, that downloaded the app. The other links downloaded dmg copies, which do not contain the usual installer app. So I retained the apps for Mojave, El Capitan and Yosemite.

Interestingly, the folder “HighSierraDownload” was also downloaded. It was empty when I opened it so I threw it away. Surprisingly, the High Sierra installer also disappeared. So I downloaded it again before discovering that the first installer was in the trash with the HighSierraDownload folder. They are somehow linked, I guess because the installer components were originally in the folder. I tried trashing the HighSierraDownload folder for the second High Sierra download and it was not removed this time. Odd and odder. This may seem trivial; I mention it in case someone else runs into the same problem.

By the way, I’ve gotten the out-of-date certificate message before with old Apple app installers and was able to run the installers anyway, ignoring the message. I haven’t tried it with on OS installer, though, but it might be worth a try.

It’s not crap, they’re encryption key signatures. They’re not meant to be read, they’re meant to be compared to other fingerprints.

The command does not show when they the signing certificates expire, only whether they’re currently valid or expired. If used on an unsigned package, the output is only “Status: no signature.” When a certificate has expired, the output still includes the fingerprints but it says “Status: signed by a certificate that has since expired.”

That just indicates that you still have an older copy of the installer squirreled away somewhere on your boot drive. The App Store is very good at knowing this, so you might want to spend a bit of time trying to locate and trash it. That may well be why the one you downloaded was then moved to trash.

I tried to download Mojave several times but each time I only got a 22 MB stub installer. How do I get the complete 6 GB file?

I believe there has been server maintenance ongoing all weekend and several others have complained with various symptoms. I would try again tomorrow and see how it goes.

An IT colleague of mine just posted this to Slack #MacAdmins #Sierra:

FYI: I opened a ticket with ATS — they confirmed you can’t make a bootable Sierra installer with the “certificate-fixed” version and wanted me to give them information stating why it was important that somebody look at fixing this. I recommend you pile on with that if it’s an issue for you. (I’m able to make the old Sierra installer work by setting the clock back for now, but I’d honestly be surprised if Apple fixed the 10.12 installer at this point…)

I’m still attempting to find workaround, but my previous one failed.

I just downloaded them all. All three of the direct downloads from the Apple pages, Yosemite through Sierra, don’t have full names, just “InstallOS.dmg” or “InstallMacOS.dmg”. The installers inside have the same names as the images. The only way to tell which version is which is to run the installer, and either get an error message that 10.10 or whatever can’t be installed on this machine, or if the version can be installed, look through the files list for clues. This doesn’t give me a lot of confidence that I’d ever want to run them. If they can’t even be bothered to name their installers properly, what else might be mangled?

With Catalina command line softwareupdate, I haven’t been successful at fetching anything earlier than 10.13.6, though asking for 10.11.5 did give me a chimera progress percentage before telling me it couldn’t find it once the percentage got to or near 100%. That percentage went much faster than for the real downloads, so it was likely just another bug.

Here is a method that doesn’t involve changing the system clock on the target computer, and works reliably to create a bootable SIERRA installer. Use createinstallmedia on the OLD installer (the one with the expired certificate) to create your bootable USB drive. Once created, open the USB drive and move the installer app “Install macOS Sierra” from the USB drive into the trash and empty trash. Although it will seem like the USB drive is now blank, it isn’t. There are a bunch of “hidden” files that will boot the USB drive. Next, use Apple’s current installer to put the updated version of “Install macOS Sierra” (with the valid certificate but apparently a non-working createinstallmedia) back into your Applications folder of your computer. Finally, copy that app (“Install macOS Sierra”) from your Applications folder onto that USB drive. Believe it or not, this WORKS. It’s actually the only solution I’ve seen anywhere since this mess started, that works. This is only necessary for the Sierra installer. All of the other installers with updated certificates work properly with the createinstallmedia command. To verify the solution, I booted a MacBook with the USB drive prepared as described above, used Disk Utility on the USB drive to reformat the laptop’s internal drive, installed macOS Sierra from the USB drive, then booted the MacBook with the USB drive removed, and ran the App Store system updates to verify that everything is working as expected.

As an aside, if you use Apple’s current installer (with the valid certificate but non-working createinstallmedia) to create a NetInstall .nbi folder, that works, too. But most people don’t run a NetInstall server.

As another aside, I did try moving ONLY the createinstallmedia executable from the old installer to the new installer app (by exposing the innards of the installer app using a right click and selecting “Show Package Contents”) but that did not work. You still get the same error message about a bad volume mount point.

Over on the MacAdmins Slack, there have been a few comments about encouraging people to clear their caching servers, which might have old versions of updates or installers stored. Most people here probably aren’t running into this, but if you have Content Caching enabled in System Preferences > Sharing > Content Caching, you might want to reset it or disable it temporarily.

I did exactly that, but just haven’t had the time to test it, so thanks for confirming.

Just be certain that the name of the new Install macOS Sierra matches exactly with what the old installer name was as there are some embedded links to that name in the hidden files.

I tried again two days later and still cannot get the full 6GB Mojave installer. This is on a Mac Mini running El Capitan.

Hi
I downloaded El Capitan from the link above and launched it to have Install OS X El Capitan.app in /Applications.

One thing i noticed is, it gives me different hash of InstallESD.dmg each time i redo the procedure. The timestamp is different too.

E.g.
Step 1. making sure there is no existing Install OS X El Capitan.app in /Applications, launch the InstallMacOSX.pkg then take note of the InstallESD.dmg hash.
Step 2. Doing the Step 1 again.

Result: Im getting 2 different hash result of InstallESD.dmg

Is this normal?

For softwareupdate command line downloads, a friend ran a script to download every possible version number from 10.7 up and confirmed that only these are available, and they’re identical to the app store versions:

10.13.6
10.14.6
10.15.1

So there’s no easy going back a minor version or two in case an update breaks an app.

So, since these are identical to the app store ones, can’t earlier versions also be downloaded from the app store?

Thank you,

Daviid

To some extent, it depends on what macOS your friend is running that script from as each OS has it’s own catalog and not all catalogs contain every installer.

It also depends on the model mac that one has, as there are some forked versions that are only available to macs that were introduced after a software update.

So when I run my own script in Mojave just now, I see two additional installers available:

1 041-91758 10.13.6 17G66 2019-10-19 macOS High Sierra
2 041-83630 10.15.1 19B88 2019-10-29 macOS Catalina
3 061-26589 10.14.6 18G103 2019-10-14 macOS Mojave
4 041-88800 10.14.4 18E2034 2019-10-23 macOS Mojave
6 061-26578 10.14.5 18F2059 2019-10-14 macOS Mojave

But you are correct, that unless you squirrel away an older installer, it will be difficult to go back. You can use shift-option-⌘-R to reinstall the macOS that came with your Mac, or the closest version still available.

Thanks for the note about turning off caching! – That explained why I could re-download all OS X versions from Lion to El Capitan in App Store. When I “downloaded” El Capitan there in the hope of having an easier time to do a bootable installer, I noticed the certificate was not updated … . Turning the cache off on my other computer (Mojave), I just get an error message in App Store on the Sierra machine.

Oh good—glad that note helped. I wasn’t quite sure what caching would do in this situation, but it seemed like it could cause confusion.

Still not quite sure how to make a bootable backup from the new installer though … can extract the package and find the InstallESD.dmg file, but … not urgent.

Or use DiskMakerX or Install Disk Creator.

It looks like those programs also only handles App Store downloaded systems, just like another program I have.

Of course one could start from a full system installed on an external drive, but would be nice with just the OS installer. Otherwise it is often easier to simply a clone an external drive to the internal.

Jerry

Then I have no idea what you are looking for. It’s necessary to have a copy of the Installer Assistant (full installer) on a drive somewhere in order to create a bootable backup. The methods I outlined will copy that installer along with a minimal system folder to an external drive (I use USB Thumb-drives of at least 8GB, but any external will do).

The discussion was on how to create a bootable installer from the new Mac OS X El Capitan installer from Apple that we should now use: El Capitan

Apple has no advice on how to do this, nor have I seen any here or elsewhere. Pre-Sierra systems cannot be re-downloaded from the App Store with the new certificate. (But I got a full installer.) Maybe you managed to create a bootable installer yourself from the new El Capitan?

Yes, that article tells you exactly how to obtain the OS X El Capitan installer in part 4. You start by using the download link which I will repeat here: http://updates-http.cdn-apple.com/2019/cert/061-41424-20191024-218af9ec-cf50-4516-9011-228c78eda3d2/InstallMacOSX.dmg. I recommend you change it’s name to “InstallMacOSX El Capitan.dmg” for easy identification, should you need it again. Then you mount the InstallMacOSX El Capitan.dmg by double-clicking it and when the window open you will see an installer called “InstallMacOSX.pkg”. Double-click that and the Installer app will open it and download the El Capitan full installer, signed with the new certificate, into your /Applications folder. If it launches, simply quit and follow the other instructions I cited to create that bootable installer.

I have not attempted to create a bootable installer myself as my current iMac won’t run it, but I have discussed it with others who have.

Yes, I was not expecting it to install the installer, but to install the macOS … but I should have read the instructions more carefully. That solved that confusion. Thanks!

Anyone having luck with downloading the full 6GB Mojave installer from the App Store? On one machine I only get a 22MB stub installer. On another machine I was able to download the full 6GB version but the installer app reports to be damaged. I re-downloaded it a few more times with the same results.

Yes, several days ago after it was first re-posted. There were lots of problems with the mirror sites that Apple CDN uses, but those have reportedly been cleared up now.

The advice I’m reading now is to clear all caches that might impact the download. Unfortunately I have no idea what those might be. Perhaps starting up in Safe Mode will take care of that. I have heard a few reports in the past of that working for uses with such constant problems.

Hi
I downloaded El Capitan from the link above and launched it to have Install OS X El Capitan.app in /Applications.

One thing i noticed is, InstallESD.dmg from InstallMacOSX.pkg has a different hash than in /Applications/Install OS X El Capitan. And the file size is bigger too by 1mb.

Is that normal?

So, any suggestion on finding the old installer to create the bootable USB drive (I’m trying to resolve the SIerra installer error)?

In my haste to fix my installers I unfortunately deleted my old installer.

As far as I’ve been able to tell, it’s been permanently removed from all Apple servers. I recovered mine from Time Machine.

Apple frowns on sharing such things amongst users, but that’s the only source I’m aware of at this time. It’s too large for most sharing web sites so I suspect you will need to locate someone close by that still has one to physically copy.

-Al-

Excellent suggestion to look at backups. I found an ‘old’ 10.12.5 Sierra installer, created a bootable USB with the expired installer (the createinstallmedia approach) and then as suggested copied the new installer with updated certificate to the drive.

I haven’t tested installing, but I do know that I can boot from it.

Twice I have downloaded new installers for High Sierra and El Capitan and every time they still have the expired certificates. I have removed the original downloads and moved them to the Trash - but didn’t empty the Trash. Might that be an issue?

Or is it something else?

I think I’m gonna try to do the next downloads on a newly wiped laptop and see if that has any impact. Any ideas would be welcome.

I’ve not tried in a while, has the Sierra installer issue been resolved yet?

The currently posted Sierra installer fixes the expired certificate problem.

The only remaining issue is that you won’t able to create a bootable installer on a USB Drive and Apple has told at least one user that they won’t be fixing it.

I worked around the problem by using the old installer (from my TimeMachine) to create a bootable Thumb Drive and then replaced the installer with the one currently posted.

With a newly imaged MacBook Pro running Mavericks I downloaded El Capitan from the App Store. From that download I created a bootable flash drive. When I used that flash drive on another laptop I got the error message relating to expired certificates ("No packages were eligible…)

Why can I not download the El Capitan installer with the new unexpired certificates?

I’m not sure, but I am replying to say that I created a bootable flash drive from the newly downloaded El Capitan installer about 10 days ago and it worked fine (which was good, because I couldn’t install El Cap on the old iMac from the Recovery partition on its drive.) I was getting ready to send an old 2007 iMac to Apple for recycling and I wanted to do a fresh install over my old drive, and the bootable drive worked fine.

Ok, so i went to install mojave on my macbook air and it gave me the old certificate or cant install mojave because of damaged install package blah blah. i read a ton of ideas and how to’s. heres what i did which was ridiculously easy…no bootable drive, no hocus pokus. went to applications and deleted the mojave installer. emptied the trash bin. rebooted the computer. downloaded mojave installer again and poof it worked…i’m using it as we speak.

Yes, it should be just that simple now. The discussions we have been having here involve a variety of issues:

• Early problem with the Apple mirror sites not being updated with the new installers.
• Desire to create a bootable drive for a variety of reasons.
• Complete inability to create a bootable drive with the new Sierra installer (that will apparently always be an issue)

If all you want to do is install a new macOS, your method is the way to go.

I had exactly the same thing happen to me despite downloading a brand new Mojave installer. Then I realized, the problem is launching the installer off an external HDD. As soon as I moved it back onto my internal boot SSD, it launched just fine.

Does this make any sense?

Also, assuming this can’t be remedied, it indicates I cannot use this copy on an external drive as a rescue installer. Perhaps its only use to me is to make a bootable USB stick that I in an emergency would use to boot from and install. Kind of a bummer.

It seems that Apple certifies their operating systems for a certain period of time and when that time has expired, error messages appear, like the one above.
Try this:

1. Reboot while holding the option key, then select the install disk you are trying to install.
2. Once the installer has loaded, disable WIFI.
3. Click on Utilities>Terminal.
4. Once the Terminal window appears, type the line of text below and then hit return.
   date 1010101019
   This will set the date and time on to the 10th of October 2019 at 10:10. Try doing the installation again and if that date/time doesn’t work, set the date even further back, like 1010101018 or older.

I really don’t think this is a certificate/date issue. The exact same installer ran just fine off the internal boot SSD. The error only showed when running it from an externally attached HDD.

Out of curiosity, if you made a bootable installer (DVD or thumb drive) using the createinstallmedia script before the certificate expired, does that installer also fail to install after expiration?

Good question. No something I can try out I’m afraid. I trashed the old installer and downloaded a fresh one form apple.com. It’s that fresh installer that runs fine from the internal boot SSD, but throws the error when launched from an external HDD.

I can answer that from experience with a definite yes. The drive boots, but the installer that is on it is identical to the one previously downloaded, so it’s certificate will also have expired. I had to redo all such drives when that occurred.

I still use the old installers. I just launch the Terminal and use the date command to reset the Mac’s internal clock to the same day but in 2018. Be sure networking is off, BTW. Then exit Terminal and continue with the installation. Simple.

Example:
date mmddhhmmyyyy
…so for May 4th, 8:15am, 2018 you’d use:
date 050408152018

Or disconnect networking and set back the clock in System Preferences

I just wanted to add this bit of information. I have a new 2020 MBP that shipped with Catalina. I still wanted to download Mojave and HS installers to use for new VMs. Neither the command line download commands nor the App Store links from Apple’s KB articles worked. Command line returned errors (“Install failed with error: Update not found”) and App Store claimed this version could not be downloaded. I actually had to get out my old 2013 MBP (running Mojave) to download Mojave and HS. That worked just fine though.

I guess Apple does not allow downloading an installer to a newer Mac that never support that OS version. In light of VMs or people supporting others that appears silly. It’s not as if a too old installer would actually run on new hardware, you’d always get an error.

That’s annoying. I can see why Apple does it, but it just seems unnecessary. Why prevent a download when you’re already preventing installation?

I don’t think any of Apple’s App Stores allow downloading software that cannot run on the current device. Yes, macOS installers are not like other software but they haven’t made an exception.

If you don’t have an older working Mac to download an older macOS to use within a VM, here’s an alternate idea: Download a macOS that’s not in the App Store, like Sierra, install it in the VM, then inside the VM download and upgrade it to the macOS you want (or just download it and use the installer to make a “clean” VM instance).

To have access to all the OS downloads, one must maintain a park of Macs which have native access to all the OS. It’s also important to maintain bootable drives which might be eligible for those installs as sometimes it’s hard to download an older OS on a newer OS even on an eligible computer. I can download any MacOS X version under the sun at this point – thank you Apple – but I need at least three different Macs to be able to do so.

What worries me more is that the T2 chip seems to make an install Mac specific, just like in the bad old days of Microsoft attaching Windows installs to a specific piece of hardware. This is going backwards and not in a good way. Perhaps someone running several T2 computers (a single one wouldn’t give away this issue) might be able to shed some light on their experience of backups from failed hardware and moving hard drives from one T2 Mac to another.

Mac-specific installs are a really bad idea. It’s one of those things that traditionally had Macs ahead of everything else, Win or Linux. There’s no reason to sacrifice unique key advantages of the platform such as this.

That said, I have to admit it’s not immediately clear to me what T2 has to do that.