Support

Get help using our products.

Cannot activate on older versions of Mac OS X

On older versions of Mac OS X, when trying to activate our software, you may get a message saying that iDefrag or iPartition cannot talk to our servers, or that your machine is not connected to the Internet.

The reason for this is a little complicated, so bear with us :-)

When your computer talks to a secure web server (using SSL/TLS/HTTPS), it can tell that the server it’s talking to is genuine (and indeed tell who owns it) because it is given a digital certificate by the server. In order to prevent people from impersonating (say) your bank, these certificates are digitally signed by a certificate authority (or CA for short). That’s great, but how does it help? Well, your computer knows which certificate authorities it should trust — it has a list containing the root certificates owned by the certificate authorities it trusts. Quite a long list, actually, and whether or not they’re all trustworthy is another question too, but that’s another story. The essential point here is that the root certificates identify the certificate authorities themselves, and allow your computer to prove that the digital certificate for (for instance) https://coriolis-systems.com really was issued, by a reputable entity, to Coriolis Systems, and not to J. Random Con Artist.

(If you’re interested, you can see the root certificate list if you run Keychain Access, which you’ll find in the “Utilities” folder in your “Applications” folder.)

Now, the other thing you need to know about certificates is that they have expiry dates. Even the root certificates that identify the CAs. And herein lies the problem. If you are running a new-ish operating system, Apple will have updated the root certificate list with new certificates as CAs’ certificates expired or were replaced. But if you are on an older version of Mac OS X, you may be beginning to notice that some websites bring up warnings about certificates. That’s happening because those sites are using certificates that were signed by CAs using root certificates that aren’t on your machine. As a result, your computer doesn’t trust them.

Unfortunately, this problem appears to affect secure.coriolis-systems.com, which is where older versions of our software try to go to activate themselves. The simplest fix is to run Safari, enter

https://secure.coriolis-systems.com

into the address bar, and when the message comes up about the certificate, choose “Show Certificate”. You should see a short tree of certificates, including

Ensure that the “secure.coriolis-systems.com” certificate is highlighted, then open up the “Trust” section (click the triangle) and set it to “Always trust”.

Note: we don’t recommend doing this, in general. In this particular case, the information exchanged with our server is encrypted and so if someone was to impersonate secure.coriolis-systems.com it wouldn’t help them. Moreover, we don’t use that domain for anything other than the old activation system.

An alternative and somewhat cleaner approach is to install the root certificate you need, which you should be able to download from this page.


Posted by alastair at 2015-May-18 15:05:24 UTC. Last updated 2015-Nov-17 12:11:45 UTC.