Monday, April 11, 2022

Unable to Establish Secure Connection to idmsa.apple.com

Matt Godden:

If you’re using #macOS #HighSierra or #Sierra, #iCloud has stopped working / can’t log in, and you can’t access iCloud.com in Safari - here’s a solution.

Install the Apple IST CA 2 - G1 certificate, and everything will work again.

11 Comments

This is what you get relying on the “cloud”. Loss of control. You’re at the mercy of some megacorp.

Small clarification - the current problem appears to be the security certificate connected to setup.icloud.com (according to Safari's web inspector), which is why iCloud services are failing.

The issue with idmsa.apple.com was a different (similar) problem that affected the security certificates used for the servers that ran iTunes Connect, and Apple discussion forums.

Both were solvable with the intermediate certificate, though the idmsa issue did have a more permanent fix to do with repairing certificate pinning (detailed in a different discussion linked in the solution I posted). I'm not sure if this new issue will have options for a similar solution.

Matt Godden

Update: The CA 2 - G1 certificate expired around ~2 hours ago (as of this post), and has not yet been updated by Apple.

While the System Preferences Application Details still works, the other symptoms return - iCloud.com cannot log in with Safari, and all your iCloud-syncing apps will fail - Tweetbot 3 for example can't read your topic list, or create new topics.

A temporary solution is to go into Keychain Access, View > Expired Keychain Items for Login keychain, Get Info on the expired certificate, and in the trust settings set "when using this certificate" to "Always Trust".

That will make everything work again, instantly.

Matt Godden

...seems to be broken again.

I found another workaround regarding this issue. Besides changing the trust settings to "Always trust" on the CA 2 - G1 certificate, there's another certificate trust setting that needs to be changed as well. Go to Keychain Access > System Root / Certificates > Look for "GeoTrust Global CA" whose expiration date is around 21 May. Double click on this certificate then change the trust settings to "Always trust".

It worked as expected. If iCloud Drive is still not working, just reboot your Mac and it would work again.

Matt Godden

@DavidLin Beat me to it. Instant fix.

Matt Godden

Final Update (hopefully): Apple have issued a new CA 2 - G1 certificate, expiring May 2025, which replaces the previous expired one, and is also self-signed, so the GeoTrust certificate no longer needs the altered trust settings, and can be allowed to expire.

https://www.apple.com/certificateauthority/

@Matt Godden Thanks for the update :)

How is this not mainstream news?! I guess I'm the only one using High Sierra?

Downloaded the updated CA 2 - G1 certificate. What happens in 2025 if I'm still using High Sierra?! LMAO

Everything iCloud stopped synching until I found this video on YouTube https://www.youtube.com/watch?v=v6onjHPwbSA which also led me to this blog when Google searching. Thank you everyone. Everything is synching again.
