I wanted to pass along to the group an issue I was experiencing regarding the Microsoft Office 2011 14.2.3 update.
When installing the Microsoft Office 2011 14.2.3 update package from Microsoft, installation would fail with the error: "installer: Certificate used to sign package is not trusted. Use -allowUntrusted to override." This would occur through Casper Remote, Self Service, and Policies. Manually installing the package works fine. After troubleshooting, the issue appears to be a corrupted certificate within the package.
This work around worked for me. Results may vary.
Hope this helps.
I don't see a "_CodeSignature" folder in my copy of the 14.2.3 updater pkg. Is it possible that MSFT decided to remove it, based on your feedback?
Or, a better question: Has anyone been able to deploy the 14.2.3 update successfully via Casper, and if so, were any modifications to the package needed?
Sorry, I didn't realize we already had an answer before I answered. I re-read and perhaps this post is a waste of time, but if it helps anyone, here it is.
There are three ways to deal with it easily that I can see. Basically your fight is between Microsoft's policies and Apple's Gatekeeper. When 14.2.3 was released, Microsoft said that the only correct way to acquire updates for Office in Mountain Lion is by using the AutoUpdate utility. Turns out they later offered a manual download method as part of this article:
Now, given this, how do you get into Casper? 3-4 ways.
You could build a new package, add all the updates, make a dmg and push it...messy process...probably not the best answer, but it should work. Reminds me of some older fights with Adobe that we no longer have to fart with.
You could download 14.2.3, run `pkgutil --expand /path/to/package /path/to/unflattened/package` and then run `pkgutil --flatten /path/to/unflattened/package /path/to/final/flattened/package/without/cert`. That should remove the certificate. Bring into Composer, convert to source and sign the package with your Developer ID. I did that in testing and it works, but probably not the best way either.
You could turn off Gatekeeper on your workstations, push the package and then reactivate it. (This is perhaps a safe way provided you know that you have a genuine package.
One idea I didn't try....try running FSEventer on a sample machine while you run Microsoft AutoUpdate. See where MS gets their signed package from. Grab it...downside to that is, they may have done a special one that only runs through the updater.
Hope these ideas give you some food for thought.