
mattspace

macrumors 68040
Original poster
Jun 5, 2013
3,204
2,888
Australia
Hi Folks,

If anyone is currently experiencing issues connecting to iCloud.com in Safari 13, or can't get to their iCloud account details in the iCloud Prefpane, or is finding apps haven't been syncing in the last ~24 hours, Apple appears to have made a change to their server infrastructure that breaks the compatibility with the system's security certificate setup, so that the OS (and therefore Safari) can't validate setup.icloud.com.

There's a solution that takes about 10 seconds, which is to download and install an intermediate certificate from Apple, and that fixes the problem instantly. You can find the instructions here:


This was a solution for an older problem relating to connecting to idmsa.apple.com, but it applies to this one as well.
 

LeonardoCorax

macrumors newbie
Apr 8, 2022
1
1
Huge thanks for this - I was tearing my hair out trying to discover why iCloud Drive had suddenly stopped syncing on two Sierra machines. Using Cirrus from The Eclectic Light Company I was able to see a lot of log entries relating to certificate errors which sent me looking in that direction, and your tip saved the day.
 

mattspace

macrumors 68040
Original poster
Jun 5, 2013
3,204
2,888
Australia
Huge thanks for this - I was tearing my hair out trying to discover why iCloud Drive had suddenly stopped syncing on two Sierra machines. Using Cirrus from The Eclectic Light Company I was able to see a lot of log entries relating to certificate errors which sent me looking in that direction, and your tip saved the day.
Glad I could help, gives a warm fuzzy glow, ya know, to spend a day fixing the products of a *trillion* dollar company for free *sigh*. :)
 

eicca

Suspended
Oct 23, 2014
1,773
3,599
My iCloud Drive on my old High Sierra MBP also just quit working. Applied the certificate. Still waiting to see if it fixes the issue.

This is why Apple needs to quit it with the yearly OS updates. The ONE thing Windows has going for it is, if it works on the hardware, then everything stays pretty much current.
 

mattspace

macrumors 68040
Original poster
Jun 5, 2013
3,204
2,888
Australia
My iCloud Drive on my old High Sierra MBP also just quit working. Applied the certificate. Still waiting to see if it fixes the issue.

This is why Apple needs to quit it with the yearly OS updates. The ONE thing Windows has going for it is, if it works on the hardware, then everything stays pretty much current.
If you try loading www.icloud.com in Safari on High Sierra, and it works, iCloud drive should work as well - at least that's been my experience.
 

mattspace

macrumors 68040
Original poster
Jun 5, 2013
3,204
2,888
Australia
EDIT May 21: The certificate expired today at 1:45am Australian Eastern Time, and everything broke again, aside from getting Account Details in System Preferences.

Until Apple issues an updated certificate, a temporary workaround is to open Keychain Access, go to Login Keychain. View Menu > Show Expired Certificates. Right click on the CA 2 - G1 certificate, go to the Trust Section, and set "When Using Certificate" to: Always Trust.
 

eicca

Suspended
Oct 23, 2014
1,773
3,599
EDIT May 21: The certificate expired today at 1:45am Australian Eastern Time, and everything broke again, aside from getting Account Details in System Preferences.

Until Apple issues an updated certificate, a temporary workaround is to open Keychain Access, go to Login Keychain. View Menu > Show Expired Certificates. Right click on the CA 2 - G1 certificate, go to the Trust Section, and set "When Using Certificate" to: Always Trust.

Can confirm. My High Sierra MacBook Pro didn't sync any iCloud data until I performed these steps, and it immediately began working again.
 

Patrice Brousseau

macrumors 6502
Dec 14, 2016
253
71
Montréal, Canada
Can confirm. My High Sierra MacBook Pro didn't sync any iCloud data until I performed these steps, and it immediately began working again.
It looks like the solution was only temporary as per some user on Apple Support Forums.

Fortunately, user @pedrocaiano from Apple Support Forums linked a new Apple IST CA 2 G1 certificate valid until May 2025. This one is issued by Baltimore Cybertrust.

His post was reported and deleted however as someone complained that it wasn’t from a trusted source…

Anyway: https://ssl-tools.net/subjects/268487b38c50152997dbd4d17e37ff3f2ef31568

Right click PEM file by Baltimore Cybertrust (2nd one) save as, then double click and give admin user/pass…



Also found here: https://www.e2encrypted.com/certs/31134a0f94f8a5a6154b5d095f6837e8358d391d/
 

mattspace

macrumors 68040
Original poster
Jun 5, 2013
3,204
2,888
Australia
I’ll check up the solution I posted in the morning, but I have a suspicion my solution to allow the expired cert might have broken again within a day.

The real rock & hard place thing is that while 10.13 isn’t a supported OS, iCloud lists its official support as all the way back to Yosemite.
 

eicca

Suspended
Oct 23, 2014
1,773
3,599
I’ll check up the solution I posted in the morning, but I have a suspicion my solution to allow the expired cert might have broken again within a day.

The real rock & hard place thing is that while 10.13 isn’t a supported OS, iCloud lists its official support as all the way back to Yosemite.

This is why the yearly OS cycle drives me insane. The one thing I can praise Windows for: if it runs on the hardware, it’s pretty much current.

So stupid that my Windows 10 install on my Mac Pro has better support and compatibility than the Mac install.
 

eicca

Suspended
Oct 23, 2014
1,773
3,599
It looks like the solution was only temporary as per some user on Apple Support Forums.

Fortunately, user @pedrocaiano from Apple Support Forums linked a new Apple IST CA 2 G1 certificate valid until May 2025. This one is issued by Baltimore Cybertrust.

His post was reported and deleted however as someone complained that it wasn’t from a trusted source…

Anyway: https://www.google.ca/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&ved=2ahUKEwibrIPv-vD3AhWkk4kEHVRdBnMQFnoECAoQAQ&url=https://ssl-tools.net/subjects/268487b38c50152997dbd4d17e37ff3f2ef31568&usg=AOvVaw3GvwZ0EHSZ_bxa8P61P_5v

Right click save as, then double click and give admin user/pass…


Also found here: https://www.e2encrypted.com/certs/31134a0f94f8a5a6154b5d095f6837e8358d391d/

I don't know if I'm not doing this right, but right-clicking only gives me a web link and the second link doesn't have a valid download. Just gives me page errors.

Any other options? I need my laptop to just keep working.
 

Patrice Brousseau

macrumors 6502
Dec 14, 2016
253
71
Montréal, Canada
I don't know if I'm not doing this right, but right-clicking only gives me a web link and the second link doesn't have a valid download. Just gives me page errors.

Any other options? I need my laptop to just keep working.
Sorry, the first link should be: https://ssl-tools.net/subjects/268487b38c50152997dbd4d17e37ff3f2ef31568

You open this page and you’ll be presented with this:

9CB7CDDE-9B12-428D-8935-E6B186843B37.png

Then, right-click the PEM Baltimore Cyber Trust link and save as. You’re then supposed to have a new certificate (.cer file) appearing in your download folder. Double clicking will open Keychain and asks for credentials.

My post wasn’t really clear, sorry!
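
The posts above import an intermediate CA certificate saved from a third-party mirror. One way to check such a file before importing it, as an added example that is not part of any post in this thread: confirm it parses, has enough validity left, and is really signed by the root it claims. It assumes a recent `openssl` on the PATH; the file names, subject names and generated certificates are constructed stand-ins for the downloaded PEM and the issuing root's PEM.

```shell
#!/bin/sh
# Added example: vet a downloaded intermediate CA certificate before trusting it.

# Print the SHA-256 fingerprint of a PEM certificate as bare hex, for
# comparison with a value obtained from a second, independent source.
cert_sha256() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | sed -e 's/^.*=//' -e 's/://g'
}

# vet_intermediate CERT ROOT [MIN_SECONDS_LEFT]
# Prints one verdict; returns 0 only when CERT parses, stays valid for at
# least MIN_SECONDS_LEFT more seconds, and its signature verifies under ROOT.
vet_intermediate() {
    cert=$1; root=$2; min_left=${3:-0}
    openssl x509 -in "$cert" -noout >/dev/null 2>&1 || { echo not-a-certificate; return 1; }
    openssl x509 -in "$cert" -noout -checkend "$min_left" >/dev/null 2>&1 ||
        { echo expired-or-expiring; return 1; }
    openssl verify -CAfile "$root" "$cert" >/dev/null 2>&1 ||
        { echo not-signed-by-root; return 1; }
    echo ok
}

# Build constructed test material in DIR: a root, an intermediate it signed,
# and a self-signed certificate that merely reuses the intermediate's name.
make_constructed_certs() {
    d=$1; name='/CN=Constructed IST CA'
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj '/CN=Constructed Root' \
        -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "$name" \
        -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -CAcreateserial -days 30 -out "$d/int.pem" 2>/dev/null &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "$name" \
        -keyout "$d/fake.key" -out "$d/lookalike.pem" 2>/dev/null
}

dir=$(mktemp -d) && make_constructed_certs "$dir"
echo "intermediate: $(vet_intermediate "$dir/int.pem" "$dir/root.pem")"
echo "same name:    $(vet_intermediate "$dir/lookalike.pem" "$dir/root.pem")"
rm -rf "$dir"
```

Passing a third argument such as `7776000` (90 days) flags a certificate that is about to lapse, which is the failure the thread hit on May 21.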
 

eicca

Suspended
Oct 23, 2014
1,773
3,599
Sorry, the first link should be: https://ssl-tools.net/subjects/268487b38c50152997dbd4d17e37ff3f2ef31568

You open this page and you’ll be presented with this:

View attachment 2007868
Then, right-click the PEM Baltimore Cyber Trust link and save as. You’re then supposed to have a new certificate (.cer file) appearing in your download folder. Double clicking will open Keychain and asks for credentials.

My post wasn’t really clear, sorry!

So I follow those steps and it downloads a .pem file. I was able to add it to the login keychain but it never asked for cred. iCloud still isn't syncing. I'm doing something wrong, but not sure what.
 

Patrice Brousseau

macrumors 6502
Dec 14, 2016
253
71
Montréal, Canada
So I follow those steps and it downloads a .pem file. I was able to add it to the login keychain but it never asked for cred. iCloud still isn't syncing. I'm doing something wrong, but not sure what.
For me, choosing « save link as » converted the PEM file to .cer in Safari…

**Sorry, I used Chrome, not Safari…
 

eicca

Suspended
Oct 23, 2014
1,773
3,599
For me, choosing « save link as » converted the PEM file to .cer in Safari…

**Sorry, I used Chrome, not Safari…

I'm in Firefox. Tried with both FF and Safari and it saves as PEM. Manually changed extension to .cer and it still doesn't ask for cred when installing, and doesn't fix the sync issue.
 

eicca

Suspended
Oct 23, 2014
1,773
3,599
Just for fun I tried « save linked file as » in Safari and got a PEM file instead. Clicking on it, it opens Keychain and asks for credentials too. I’m on Sierra BTW…
Interesting. My certificate does appear in Keychain. But sync still ain't working.
 

eicca

Suspended
Oct 23, 2014
1,773
3,599
Hoping they’ll issue a « fix » or a new certificate… Sorry it doesn’t work for you.

For real though. How many people have iCloud services that are bricked now?

Sigh.... Maybe it's just time. I mean, 11 years of service out of this machine is pretty freakin' good.
 

Patrice Brousseau

macrumors 6502
Dec 14, 2016
253
71
Montréal, Canada
For real though. How many people have iCloud services that are bricked now?

Sigh.... Maybe it's just time. I mean, 11 years of service out of this machine is pretty freakin' good.
A lot of people since yesterday and it looks like they are not in a hurry to fix it. Better for them if we have to buy a new machine.

**You have a PM BTW...

***I would delete the certificate you have in Keychain, close it and import what I've sent you by PM...
 

eicca

Suspended
Oct 23, 2014
1,773
3,599
A lot of people since yesterday and it looks like they are not in a hurry to fix it. Better for them if we have to buy a new machine.

**You have a PM BTW...

***I would delete the certificate you have in Keychain, close it and import what I've sent you by PM...

All steps completed. iCloud Drive still isn't working, but Messages and Calendar are syncing fine for some reason.
 