Apple Software Update Certificate Expiration

By Richard Mallion
This is very important!
Companies that are running Apple’s Software Update Service really need to read this tech note from Apple,  Apple KB:5198.
In summary this is what is happening:
1. The certificate that Apple signs its software update installation packages with is expiring on March 23, 2012.
2. As a result Apple have or will repackage everything with a new certificate that is good until the year 2019.
3. All existing Software Update Software Packages are being reposted. The only change is the certificate they have been signed with has been updated.
What this means for yours that  if you are running a local Software Update Server  it’s going to download everything again. Apple’s recommendation here is to delete the SUS cache on your servers and let it pull everything down fresh. Otherwise you are going to see oddness with update validation and your SUS storage space will suddenly double.
They are not going to be reposting outdated updates in Software Update Server. So for instance the Lion 10.7.3 update will get reposted, but the Lion 10.7.2 will not. This change only affects Software Update Server and the older updates are still available on the Apple support page.