Skip to main content

Hello JAMF Nation - I recently started deploying Java 7 Update 11, and I've been experiencing some errors on a few machines. The machines seem to all be 10.7.4 workstations (the package seems to install OK on 10.8.2 - but has also been successful on 10.7.4 and 10.7.5 workstations). I am using the vendor package. Here is the error received:

Installation failed. The installer reported: installer: Package name is Java 7 Update 11
installer: Certificate used to sign package is not trusted. Use -allowUntrusted to override

Is anyone else experiencing this issue? Thanks for any help!

Try stepping through the installer interactively on a machine that you've gotten this error on. During the installation, the Installer window should have a lock icon in the upper right corner. Click it to see the installer's certificate details. It should show you where along the certificate verification chain it's having a problem.


I am not sure of the timing, but I am wondering if it's...

At one point Apple released an update, to "Apple Software Updater", which allowed it to use Apple's 'new certificates' - because the old ones were no longer valid...

If that Target machine did not get this update - then it would reject all (other) Apple updates.
If that is the case ( ?), then the solution would be to apply the Update to "Apple Software Update" first, and then the other updates would be accepted... Since their certificates would then be valid.


@jarednichols - I will try this out on a clients machine...


Yeah, I saw this a lot in the August/September timeframe, not since. CLI installs would fail, but going through the GUI was fine. Probably something like the above...


are you seeing this issue when the deployment is through an HTTPS distribution point?


Mine was http.


I am having a similar problem. How do you step through the installer process interactively?


I stepped through the installer manually on the users machine, using the same .pkg that is being deployed via JSS and the installation is failing. I checked the installation cert, and it is a trusted/verified cert from Oracle. I noticed the following error in the system log after i attempted the installation manually:
1/22/13 12:40:34.606 PM com.apple.SecurityServer: Failed to authorize right 'system.install.app-store-software' by client '/System/Library/PrivateFrameworks/PackageKit.framework/Versions/A/Resources/installd' [48860] for authorization created by '/System/Library/CoreServices/Installer.app' [48681]

Maybe the disk permissions have been corrupted? I'm going to try a repair and see if that helps...
*Update: Repaired permissions and the same error is received* What would be the easiest way to integrate the -allowUntrusted command into the package? hmm...

Kristd - You can step through the installer process interactively by executing the .pkg manually on a client workstation. I just copied my .pkg from the distribution point and downloaded it locally on the machine.

tdurdan - I am not using HTTP or HTTPS distribution points... SMB only.

Thanks all.
JS


HI,
I am seeing this issue with the SMART Notebook Interactive Viewer.pkg. It was working perfectly well last week, and today it fails with error:
Installation failed. The installer reported: installer: Package name is SMART Notebook Interactive Viewer
installer: Certificate used to sign package is not trusted. Use -allowUntrusted to override.

This from multiple distribution points, to multiple targets.
Probably not coincidentally, the SmartTech website never seems to finish loading...
Anything I can do other than wait for SMART to fix?
S


@Sandy, if you really want to it sounds like you can do a custom deployment that would use command line installer on a target package and use the -allowUntrusted flag to get around the issue.
I would check in with someone at SMART on it though, if possible. They may have an answer as to why its failing with a bad certificate error. That process is there to ensure you're not installing a compromised pkg, but I doubt you are in this case.


Thanks Mike! I just sent a request through to SMART
Sandy


Sandy: we just ran into this ourselves. The problem is that the developer 'SMART Technologies' has signed their package with a certificate that expired earlier this year. Oops.

However, since the jamf binary will happily install an *unsigned* package (just not a signed package with an expired certificate), you can use these instructions to strip the certificate from the package, after which it should install just fine: http://managingosx.wordpress.com/2012/03/24/fixing-packages-with-expired-signatures/


Josaxo, did you find a resolution for this? I'm having the same problem with Java 7 update 17 and 10.7.4.

Thanks,
Luke


I had the same problem with a Toshiba driver package I was attempting to install today. Thanks for posting that link, Robo - pkgutil worked great.