For good practical reasons, provided an app was signed using a certificate that was valid when the developer signed it, that certificate remains valid in perpetuity unless Apple (as the Certificate Authority) revokes it. But signatures in installers, including those for macOS and its components, must be valid when you run that installer. When any of the certificates used in Apple’s installers expire, Apple has to release a new installer with a certificate that remains valid into the future.

Six years ago, on 24 October 2019, Apple’s intermediate security certificate it had been using to sign all macOS installers and updaters expired. That also applied to most if not all Apple’s user signing certificates, but not the Apple Root CA. The consequence is that none of the installers provided with certificates expiring in 2019 will work on Macs running with a more recent date.

To check whether an installer is affected, double-click it to open it in the Installer app. At the top righthand corner of its window is a small padlock: click on that to review its certificate information. Most Apple installers refer to three levels of certificate:

1. Apple Root CA, the root certificate authority, should expire in 2035.
2. Apple Software Update Certification Authority provides the intermediate certificate, which may have expired on 24 October 2019.
3. Software Update, the user certificate, may also have expired on 24 October 2019.

Normally it’s number 2 above that is the most critical: once an intermediate certificate has expired, all chained user certificates become invalid. Currently, the intermediate certificate for all third-party developer certificates doesn’t expire until 2027. It’s unclear why Apple gives its own certificates an intermediate that expires after less than five years, and you might recall the previous time this happened was in February 2015.

If you have an old Mac and want to install or update macOS on it, using an old installer package with expired certificates will fail. To work around that, you’ll need to locate an installer with updated certificates that remain valid on the date that you perform that installation. There are several ways to accomplish that, with an excellent compilation given by Mr. Macintosh.

One popular way of working around this is to deliberately set your Mac’s clock back to a date before those certificates expired, such as 20 October 2019. Although that’s easy to do, it has far-reaching consequences that you should consider before trying it.

A great deal of macOS depends on the accuracy of date and time stamps. For example, it’s a general rule that the creation timestamp of a file or directory should be the same as or earlier than its modification and other timestamps. Some software used to make backups may become confused with file creation times that are not only more recent than their modification timestamp, but are also more recent than the current clock time. This can also feed through into the FSEvents database used by Time Machine to determine what it should back up, and more.

Macs suddenly running at some time in the past create difficulties in the log as well. You may well discover that log entries written at times set to be days or years ago can’t be found, particularly if you do later return that Mac to correct time. That’s another decision you need to think through carefully: once you have run the outdated installer, will you return the clock to normal timekeeping, so it leaps forward by more than 6 years?

As a general principle, don’t try fiddling with your Mac’s clock to pretend it’s a time in the past. That may leave you a mess that is too deep-seated to be put right.