Without having changed anything, I now get this message when I try to open the app "Breeze" – Other apps fail similarly on other Macs:
I tried to get rid of this message by re-installing it from the App Store, but nothing changes. Rebooting and changing gatekeeper security preferences also doesn't help by choosing "allow Apps downloaded from anywhere".
What the heck is going on?
Best Answer
Pretty much everyone is in the same boat as you. The situation is quite complicated, but this picture shows some of the details of the layers of certificates involved in making a "receipt" file:
Apple engineers used a certificate that is marked as Not VALID After : Nov 11 21:58:01 2015 GMT to sign apps that were downloaded for a long period this year. Additionally, one of the certificates used to be signed with Signature Algorithm: sha1WithRSAEncryption and is transitioning to sha256WithRSAEncryption which isn't fully supported by all OS and developers.
The best write up (of many good ones) is by Ben Toms:
In a nutshell, one of the keys making up the wrapper that apps use to verify a proper App Store download expired yesterday. Apple has renewed that certificate, but you might need to take action now to remedy this error.
Oddly, the apps that Apple itself made, rely on some other validation chain of trust since they include this same now expired certificate yet still run on OS X. Basically, those apps seem to use another (or no) validation of the receipt for correctness.
If you're comfortable with the command line, try restarting the process that tends to these now outdated app receipts:
If you power off your Mac, that also cycles the accounts daemon and should fix things so you don't have to re-download the apps to the computer after the time when that one Apple certificate expired.
At this point, when you try to run the app, you should be prompted to re-enter your password one time. This will get you a new certificate from Apple which may or may not solve the actual breakage depending on how or if the application uses the receipt file.
Another thing that can cure false certificate failures is to check your date/time settings and then try signing out of the Mac App Store entirely. If you still cannot run the app after signing back in, you might be forced with deleting the app and re-downloading it after verifying your date/time and rebooting the OS. Be sure to check spotlight and delete all copies of the app. Empty the trash before trying to restore the download.
If all else fails, contacting both the developer of your specific app as well as Apple Support for guidance might be prudent since the programs that handle this receipt validation and generation are not well documented.
Big thanks also to Craig Hockenberry and Paul Haddad for the great technical explanations on what's happening here. Without community working together we might be in the dark far longer when uncomfortable breakages like this arise.