Q: Repeated failed Software Update since upgrade to Mountain Lion
Since upgrading to Mountain Lion, I've been unable to successfully run Software Update for Apple software. This includes iPhoto, iTunes, OS X itself, and so forth, though other App Store purchases come through fine. sudo softwareupdate -l asks for an admin password, hangs for a while, then quits without error ("No new software available."). I've attempted reinstalling Mountain Lion (complete with a clean installation, then restoring files back from Time Machine), deleting the .plist file for Software Updates, and resetting the PRAM and system clock.
Of note, my install log is filled with hundreds of repeats of the following entry, though with different dates:
Oct 9 17:14:11 ***.local Software Update[3558]: Failed Software Update - trust evaluation failed in SecTrustEvaluate with result: 3
Oct 9 17:14:11 ***.local Software Update[3558]: Can't load distribution from https://swdist.apple.com/content/downloads/24/12/041-5684/xBZPYvpkKVWptD5BpKbpbh PSDyp87s553f/041-5684.English.dist.gz: Host cert invalid or otherwise insecure download
This seems to indicate some sort of problem with my certificates. I've attempted a keychain repair, but Keychain Access finds nothing wrong. What else can I try?
MacBook Pro (15-inch Early 2008), OS X Mountain Lion (10.8.2)
Posted on Oct 16, 2012 7:23 PM
I've managed to get this working, finally, and the issue was with the keychain. I had to do two things to get past the error; I'm guessing the settings got migrated from my Lion install, which is why the problem reappeared when I restored files via Time machine.
Open up Keychain Access, then Keychain Access -> Preferences...
Hit the Certificates tab.
Set "Online Certificate Status Protocol" to "Best Attempt".
Set "Certificate Revocation List" to "Best Attempt".
Set "Priority" to OCSP.
Close the Preferences window.
Now, go to the System keychain via the left pane, and see if there are any certification authorities with non-standard settings (it'll have a white + in a blue circle, or a white X in a red circle overlaid over the icon). Go into each of these and reset to defaults (even the ones that seemingly have nothing to do with Apple).
Right-click on the entry and select "Get Info".
Expand the "Trust" list.
For "When using this certificate", select "Use System Defaults".
From here, restart and try Software Updates again. If you have custom trust settings, you can reset them after you've confirmed that updates work.
I don't know if this will work for you, but it's fixed the problem on my end.
Posted on Oct 22, 2012 1:12 PM
