Over the last few days, several users let me know they were unable to download our apps from the Mac App Store. They reported that they were receiving this error message when trying to purchase or update:
App Store Error: Failed to verify the preflight file. It is not signed by Apple.
Emails like this are frustrating, because we have absolutely no official way to help such users—Apple handles everything related to the store after we submit our app. They test the app, hopefully approve the app, and then host it for downloading. If the app makes it through this process, it’s pretty clear the code itself is good, and any download issues are related to the user’s system.
In theory, Apple (in exchange for their 30% cut of our revenue) should be helping these users solve such problems. But based on what I’ve heard, that’s not usually the case, so they end up writing to me. After a bit of web searching, I found the cause and solution to the problem: Keychain Access.
In particular, the settings for OCSP and CRL in Keychain Access > Preferences > Certificates. For some apps, and for some users (but not for all apps, and not for all users; I don’t know why), these values must be set to “Best Attempt:”
If these two values are set to anything else, it’s possible that some apps and/or updates will fail to download with the above-noted error message. I’ve never personally touched those settings, and I was curious why others might; a friend pointed out this thread, which recommends changing the settings to reduce background bandwidth usage by the ocsp process.
In any event, if you’re having troubles downloading apps and updates—not just ours, but from any developer—from the App Store, check these settings in your Keychain Access app.