Monday, April 11, 2022

Unable to Establish Secure Connection to idmsa.apple.com

Matt Godden:

If you’re using #macOS #HighSierra or #Sierra, #iCloud has stopped working / can’t log in, and you can’t access iCloud.com in Safari - here’s a solution.

Install the Apple IST CA 2 - G1 certificate, and everything will work again.

7 Comments

This is what you get relying on the “cloud”. Loss of control. You’re at the mercy of some megacorp.

Small clarification - the current problem appears to be the security certificate connected to setup.icloud.com (according to Safari's web inspector), which is why iCloud services are failing.

The issue with idmsa.apple.com was a different (similar) problem that affected the security certificates used for the servers that ran iTunes Connect, and Apple discussion forums.

Both were solvable with the intermediate certificate, though the idmsa issue did have a more permanent fix to do with repairing certificate pinning (detailed in a different discussion linked in the solution I posted). I'm not sure if this new issue will have options for a similar solution.

Matt Godden

Update: The CA 2 - G1 certificate expired around ~2 hours ago (as of this post), and has not yet been updated by Apple.

While the System Preferences Application Details still works, the other symptoms return - iCloud.com cannot log in with Safari, and all your iCloud-syncing apps will fail - Tweetbot 3 for example can't read your topic list, or create new topics.

A temporary solution is to go into Keychain Access, View > Expired Keychain Items for Login keychain, Get Info on the expired certificate, and in the trust settings set "when using this certificate" to "Always Trust".

That will make everything work again, instantly.

Matt Godden

...seems to be broken again.

I found another workaround regarding this issue. Besides changing the trust settings to "Always trust" on the CA 2 - G1 certificate, there's another certificate trust setting that needs to be changed as well. Go to Keychain Access > System Root / Certificates > Look for "GeoTrust Global CA" whose expiration date is around 21 May. Double click on this certificate then change the trust settings to "Always trust".

It worked as expected. If iCloud Drive is still not working, just reboot your Mac and it would work again.

Matt Godden

@DavidLin Beat me to it. Instant fix.
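
The comments above trace the failures to two certificates reaching their expiry dates. As an added example (not part of the original post or its comments), this shell code reports whether a certificate is unreadable, expired or close to expiry, so the state of each certificate is known before any trust setting is overridden. The function names `cert_state` and `keychain_cert_state` and the 30-day warning window are assumptions; `keychain_cert_state` relies on the macOS `security` tool.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# cert_state FILE [WARN_DAYS]
# Prints unreadable | expired | expiring | valid for the first PEM cert in FILE.
# Returns 0 when valid, 1 when expired or expiring, 2 when unreadable.
cert_state() {
    pem=$1
    warn_days=${2:-30}   # assumed default warning window, in days
    # Reject anything openssl cannot parse, so a bad file is never reported as "expired".
    if ! openssl x509 -in "$pem" -noout >/dev/null 2>&1; then
        echo unreadable; return 2
    fi
    # -checkend N exits non-zero when the certificate expires within N seconds.
    if ! openssl x509 -in "$pem" -noout -checkend 0 >/dev/null 2>&1; then
        echo expired; return 1
    fi
    if ! openssl x509 -in "$pem" -noout -checkend "$((warn_days * 86400))" >/dev/null 2>&1; then
        echo expiring; return 1
    fi
    echo valid
}

# keychain_cert_state COMMON_NAME [WARN_DAYS] [KEYCHAIN]   (macOS only)
# Exports the named certificate with security(1), prints its notAfter date,
# then classifies it with cert_state. KEYCHAIN is optional.
keychain_cert_state() {
    tmp=$(mktemp) || return 2
    if [ -n "$3" ]; then
        security find-certificate -c "$1" -p "$3" > "$tmp" 2>/dev/null
    else
        security find-certificate -c "$1" -p > "$tmp" 2>/dev/null
    fi
    openssl x509 -in "$tmp" -noout -enddate 2>/dev/null
    cert_state "$tmp" "${2:-30}"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Usage on a Mac, with the certificate names mentioned in the comments:
#   keychain_cert_state "Apple IST CA 2 - G1"
#   keychain_cert_state "GeoTrust Global CA" 30 \
#       /System/Library/Keychains/SystemRootCertificates.keychain
```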
