Office 2011 14.2.3 Update

New Contributor

Good Afternoon,

I wanted to pass along to the group an issue I was experiencing regarding the Microsoft Office 2011 14.2.3 update.


When installing the Microsoft Office 2011 14.2.3 update package from Microsoft, installation would fail with the error: "installer: Certificate used to sign package is not trusted. Use -allowUntrusted to override." This would occur through Casper Remote, Self Service, and Policies. Manually installing the package works fine. After troubleshooting, the issue appears to be a corrupted certificate within the package.

Work Around

This work around worked for me. Results may vary.

  1. Open the Office 2012 14.2.3 Update.dmg file.
  2. Drag the Office 2012 14.2.3 Update.pkg to the Desktop.
  3. Right click (Control Left click) the Office 2012 14.2.3 Update.pkg and select "Show Package Contents"
  4. Double click the "Contents" folder.
  5. Right click (Control Left click) the "_CodeSignature" folder and select "Move to Trash".
  6. Upload using Casper Admin and deploy to a test Mac via your prefered deployment method (Casper Remote, Self Service, or Policies).

Hope this helps.


Valued Contributor II

I'm curious if your issue would resolve itself by running the 14.2.4 update?

New Contributor

14.2.4 requires 14.2.3 as a prerequisite:

Contributor II

I don't see a "_CodeSignature" folder in my copy of the 14.2.3 updater pkg. Is it possible that MSFT decided to remove it, based on your feedback?

Or, a better question: Has anyone been able to deploy the 14.2.3 update successfully via Casper, and if so, were any modifications to the package needed?



Honored Contributor

I've updated 14.2.5 just fine. We had 14.2.3 out quite some time ago as part of the base image so it didn't go through a proper install process.

Valued Contributor III

Sorry, I didn't realize we already had an answer before I answered. I re-read and perhaps this post is a waste of time, but if it helps anyone, here it is.

There are three ways to deal with it easily that I can see. Basically your fight is between Microsoft's policies and Apple's Gatekeeper. When 14.2.3 was released, Microsoft said that the only correct way to acquire updates for Office in Mountain Lion is by using the AutoUpdate utility. Turns out they later offered a manual download method as part of this article:

Now, given this, how do you get into Casper? 3-4 ways.

  1. You could build a new package, add all the updates, make a dmg and push it...messy process...probably not the best answer, but it should work. Reminds me of some older fights with Adobe that we no longer have to fart with.

  2. You could download 14.2.3, run `pkgutil --expand /path/to/package /path/to/unflattened/package` and then run `pkgutil --flatten /path/to/unflattened/package /path/to/final/flattened/package/without/cert`. That should remove the certificate. Bring into Composer, convert to source and sign the package with your Developer ID. I did that in testing and it works, but probably not the best way either.

  3. You could turn off Gatekeeper on your workstations, push the package and then reactivate it. (This is perhaps a safe way provided you know that you have a genuine package.

  4. One idea I didn't try....try running FSEventer on a sample machine while you run Microsoft AutoUpdate. See where MS gets their signed package from. Grab it...downside to that is, they may have done a special one that only runs through the updater.

Hope these ideas give you some food for thought.


Esteemed Contributor II

I don't suppose Microsoft has a way to push an update command?

Bite my tongue, thirty lashes and off to purgatory...I should be ashamed for presuming Microsoft would ever...well....