Jamf Nation Community

tcandela · ‎06-26-2018

computers running 10.13.5 are now getting the following policy failure when installing Sharp printer driver. Anybody have an idea on how to use this -allowUntrusted

I found this installer line for iLife
sudo installer -dumplog -verbose -allowUntrusted -pkg "path/to/iLife.pkg" -target /

this is a self service printer install policy.
the driver policy is a custom event that gets called, it's always worked so i know it's not a policy issue, it's a high sierra issue with this new Certificate trust

* Installation failed. The installer reported: installer: Package name is MX-PBX1<br/>installer: Certificate used to sign package is not trusted. Use -allowUntrusted to override.

tcandela · ‎06-27-2018

I figured something out that got the certificate trusted.

i cached the print driver installer
used execute command with installer -allowUntrusted -pkg ppppppppp -target /

and it installed the driver

View solution in original post

chris_hansen · ‎06-26-2018

Suspicious Package and Pacifist can show you what certificate was used to sign the installer, so maybe take a look at the .pkg with one of those tools.

tcandela · ‎06-27-2018

@chris.hansen what can i do once i find the certificate information? I installed the driver on a test laptop and the initial screen shows an untrusted certifacate message, i click allow, and then the rest of the driver install proceeds. Afterwards i look in keychain access and see the certificate

tcandela · ‎06-27-2018

I figured something out that got the certificate trusted.

i cached the print driver installer
used execute command with installer -allowUntrusted -pkg ppppppppp -target /

and it installed the driver

claudiogardini · ‎06-28-2018

You can also remove the Certificate entirely as described here. https://managingosx.wordpress.com/2012/03/24/fixing-packages-with-expired-signatures/

chris_hansen · ‎07-03-2018

Ask the vendor to update the installer with a valid cert?

Jamf Nation Community

Sharp printer driver with High Sierra