QuickAdd Package Finder says it is damaged and can't be opened

New Contributor

I'm trying to enrol a computer (myserver/enrol). User can enter username and password, and download the 1.9MB QuickAdd.pkg file.

However, when we try to open the file, the Finder says:

"“QuickAdd.pkg” is damaged and can’t be opened. You should move it to the Trash." With buttons to Cancel or Move to Trash.

Client is an iMac running Sierra (but happened on El Cap). Server is running 9.97.1482356336

Any suggestions as to how to open it? What can cause this? I'm guessing it is Gatekeeper. Security setting is Allow apps downloaded from App Store and identified developers.

Thanks, James.


Contributor II

More than likely because your QuickAdd package is not signed, and Gatekeeper is turned on. Temporary turn off your security settings and try again. Then in the future, you should sign your QuickAdd packages with Casper Recon.


Or you could hold down the control key when clicking on the pkg and approve the non signed install with admin credentials.


Note: I've found this happens for me when more than one account is logged into the machine, so check that as well.

New Contributor

Thanks for your replies. Certificate was the problem.

The certificate that was signing the QuickAdd.pkg had expired. Got a new one from developer.apple.com and all is good now.

I had to use a defaults.write terminal command to put back the Gatekeeper option in the System Preferences, Security pane, to allow apps from anywhere. Then I could run the QuickAdd package, but it would fail. Looking at the Installer Log showed the invalid certificate issue.

So, for anyone who comes across this when they have the same problem, here's what I did:

  1. Create a CSR in Keychain Access.
  2. Use it to get new certificate from developer.apple.com.
  3. Open that .cer file in Keychain Access.
  4. Export it from KA as a p12 file.
  5. Add this file to Global Management/User-initiated Enrollment/Platforms.

Thanks again for your help, and to Rich Trouton for his documentation at:



New Contributor III

When trying to remove the developer signature, the above never worked and we found its because our MySQL database is on a separate server.
This is how we fixed it.

Stop Tomcat services (we have 2 - a master and a headless)

Connect to MySQL server and run: mysqlcheck -u root -p --auto-repair -o jamfsoftware

Start tomcat services and try the enroll.

Once the QuickAdd.pkg has been downloaded you can open a terminal sessions and type: pkgutil --check-signature <path_to_QuickAdd.pkg>

This will show a status of : 'no signature' - SUCCESS!!