Monday, April 11, 2022

Unable to Establish Secure Connection to

Matt Godden:

If you’re using #macOS #HighSierra or #Sierra, #iCloud has stopped working / can’t log in, and you can’t access in Safari - here’s a solution.

Install the Apple IST CA 2 - G1 certificate, and everything will work again.


11 Comments RSS · Twitter

This is what you get relying on the “cloud”. Loss of control. You’re at the mercy of some megacorp.

Small clarification - the current problem appears to be the security certificate connected to (according to Safari's web inspector), which is why iCloud services are failing.

The issue with was a different (similar) problem that effected the security certificates used for the servers that ran iTunes Connect, and Apple discussion forums.

Both were solvable with the intermediate certificate, though the idmsa issue did have a more permanent fix to do with repairing certificate pinning (detailed in a different discussion linked in the solution I posted). I'm not sure if this new issue will have options for a similar solution.

Matt Godden

Update: The CA 2 - G1 certificate expired around ~2hours ago (as of this post), and has not yet been updated by Apple.

While the System Preferences Application Details still words, the other symptoms return - cannot log in with Safri, and all your iCloud-syncing Apple will fail - Tweetbot 3 for example can't read your topic list, or create new topics.

A temporary solution is to go into Keychain Access, View > Expired Keychain Items for Login keychain, Get Info on the expired certificate, and in the trust settings set "when using this certificate" to "Always Trust".

That will make everything work again, instantly.

Matt Godden

...seems to be broken again.

I found another workaround regarding this issue. Beside changing the trust settings to "Always trust" on the CA 2 - G1 certificate, there's another certificate trust settings that needs to be changed as well. Go to Keychain Access > System Root / Certificates > Look for "GeoTrust Global CA" whose expiration date is around 21 May. Double click on this certificate then change the trust settings to "Always trust".

It worked as expected. If iCloud Drive is still not working, just reboot your Mac and it would word again.

Matt Godden

@DavidLin Beat me to it. Instant fix.

Matt Godden

Final Update (hopefully): Apple have issued a new CA 2 - G1 certificate, expiring May 2025, which replaces the previous expired one, and is also self-signed, so the GeoTrust certificate no longer needs the altered trust settings, and can be allowed to expire.

@Matt Godden Thanks for the update :)

How is this not mainstream news?! I guess I'm the only one using High Sierra?

Downloaded the updated CA 2 - G1 certificate. What happens in 2025 if I'm still using High Sierra?! LMAO

Everything iCloud stopped synching until I found this video on Youtube which also led me to this blog when Google searching.. Thank you everyone. Everything is synching again.

Leave a Comment