Why: The Package was Signed with a Certificate That Has Expired – Mac OS X
If you attempt to install a Mac OS X application package, you may receive a warning about the package certificate is expired.
The package was signed with a certificate that has expired. If you acquired this package recently, it may not be authentic. Do you want to continue with the installation anyway?
Generally, a certificate proves the application installer is from the original creator, and that it has not been modified by anyone else in any way shape or form. Application installer packages are required to be signed with certificates if they are published in the Apple App Store. Installer packages that do not get updated for some time may contain a certificate that expired.
You should always err on the side of caution and not install a package with an expired certificate. However, if you know the package has not been modified (i.e. the installer has been sitting on your hard drive for years) then proceed with caution hitting continue on the prompt.
You can check if a package is signed using the command below with the updated path of your package in Terminal.
pkgutil --check-signature /path/to/package.pkg
To check an application, hash type, hash checksum, and signing authority, type the following command in Terminal.
code sign -dv --verbose=4 /path/To/Application.app
Finally, you can manually extract a package file using Terminal and bypass the pkg installer prompts altogether.
pkgutil --expand /path/to/package.pkg /output/destination/