Reply that someone on Apple Support Forums got from Apple Canada on the phone, doesn’t look good for us:

«
Just got off the phone with Apple Canada support 2nd level engineering. The agent checked his Mac running Monterey and found the same expired certificate.

Summary:

As of May 16, 2022 older versions of OSX cannot use iCloud notes… (some, sort of, maybe).

Reason given is that newer OSX have the ability to request the latest certificate and the older don’t.

The issue is not the certificate itself but that the Apple Server will no longer issue certificates to older OSX (implemented silently May 16).

There will be no update to the downloadable version of AppleISTCA2G1.cer for security reasons.

Apple service supports the latest three versions of OSX that any particular Mac can run.

My MacBook Pro 15” from 2012 is running OSX10.13.3 so it might be within the latest support bracket if I update to OSX10.13.6. The agent could not confirm that updating would fix my problem.

Older versions of OSX are not updated with the latest in Apple’s security features so they can no longer run with iCloud notes unless it is the highest OSX version for that particular Mac… (some, sort of, maybe).

Given all the some, sort of, maybes from Apple I’m gonna wait till Tuesday to see if Apple fixes this anyway. »


***A little tired of their planned obsolescence disguised as « security »…
 
There is no facepalm image sufficient to convey my reaction to this.
 
Ran down this thread when I fell into AGAIN a sync issue with NOTES on my Mac. WTF! Apple! Totally unacceptable. Knowing quite a bit about certificates and computer security, and having worked for Apple, I am more than just a little tired of their (un)planned obsolescence disguised as << security >> ... it is so transparently obvious what they are doing. Either that or incompetence, but they know what they are doing. If they will not fix the problem, I will sign up for a class action lawsuit as a lead plaintiff. Srsly. This is complete b.s. There are a variety of workarounds they could implement. Don't piss on my head and tell me it's raining Apple.

Upgrading to 10.13.6 will not solve the problem, as that is where I am. Does anyone know if this is specific to High Sierra and earlier releases? Will upgrading to 10.14 solve the problem if Apple won't (which they should)?

Last time this happened, I lost a half-day's worth of work when all my local notes on the Mac would no longer sync and when I did finally diagnose and fix the cert issue, note changes were overwritten by the non-current old versions from the cloud. I can no longer trust iCloud sync. I'm serious about this costing me money and signing up for a class action. F-U Apple!
 
10.14.6 still syncs. My Mac Pro is on that OS. Though now I'm seriously concerned when the next shoe is going to drop and all Mojave users are forced out to pasture.

I might be on board with that class-action lawsuit.
 
I've been putting it off, but will need to prioritize getting upgraded to 10.14 before they do put it out to pasture so that I can get things stable there while downloads and certificates are still available. Say what you will about Windows, but Microsoft does heaps better in this regard. Expect these problems to continue forever with Apple with every generation. They've really turned off a bunch of indie developers with their cadence of changes to dev tools and libraries in the name of security. A class action would stifle that ... or regulation. They have been brought kicking and screaming into a variety of compliances these ways.

Thankfully this time I found the problem in less than a day and had only a few changes to notes, that I copied over from the app to browser interface login to iCloud. I should have to do this because Apple wants me to upgrade? B.s.
 
@eicca :

Answer from the Apple Support forums member who found the « other » certificate:

« I found that I need both certificates for it to work.

iCloud drive syncs fine that way, and so does everything else works as supposed to »

The way I see it, you need the old expired but set to « always trust » certificate and the « other » one. Worth a try…

**He just confirmed that’s the case…
 
Dang. No dice for me. Notes and Drive still not syncing.
 
By << other >> certificate you mean the "Apple IST CA 2 - G1" issued by Baltimore CyberTrust? Does it need to be installed as a System certificate or a login certificate? I double clicked and it installed as a login cert. Also just made the expired one trusted manually ... but sync is still broken and still can't connect to icloud.com via Safari.

I'd prefer not, but given these are login certs, could require a logout/login or reboot. This is very annoying. Also finding that any app I use which syncs via Files has sync broken. F-U Apple. Either sloppy or ruthless. Take your pick. This is where I really grow to appreciate Dropbox and that most of my app synchronization still takes place through it.
 
By << other >> certificate you mean the "Apple IST CA 2 - G1" issued by CyberTrust? Does it need to be installed as a System certificate or a login certificate? I installed and made the expired one trusted manually but sync is still broken and still can't connect to icloud.com via Safari.
Yes. I think it installs automatically as a System Certificate, no?

Sorry that I could not test it personally as, I repeat, don’t use iCloud Drive.

In my case, no problem to access icloud.com via Safari. MBP early 2011 and Sierra BTW.

**Login certificate, sorry!
 
Reboot/relogin did not change anything for me. The previously mentioned certificate 31134a0f94f8a5a6154b5d095f6837e8358d391d.pem installs automatically as a login certificate. The expired one was also in the login keychain, so stands to reason. On a lark, dragged the new one into System, authenticated, and made no difference.

What I know is that iCloud Drive is not sync'ing and Safari errors out with "Connection Error: iCloud encountered an error while trying to connect to the server." While Chrome can connect to icloud. That iCloud Drive sync is still broken after these steps, some further step required on High Sierra. A company as big as Apple and there is not a team devoted to monitoring certificate usage and expiry? I'm going to go 50% incompetence and 50% ruthlessness. The attitude is, "So what if we didn't plan for an expired certificate in our sub-n-minus-3 version of the OS. Upgrade sucker."
 
Reboot/relogin did not change anything for me. The previously mentioned certificate 31134a0f94f8a5a6154b5d095f6837e8358d391d.pem installs automatically as a login certificate. The expired one was also in the login keychain, so stands to reason. On a lark, dragged the new one into System, authenticated, and made no difference.

What I know is that iCloud Drive is not sync'ing and Safari errors out with "Connection Error: iCloud encountered an error while trying to connect to the server." While Chrome can connect to icloud. That iCloud Drive sync is still broken after these steps, some further step required on High Sierra. A company as big as Apple and there is not a team devoted to monitoring certificate usage and expiry? I'm going to go 50% incompetence and 50% ruthlessness. The attitude is, "So what if we didn't plan for an expired certificate in our sub-n-3 version of the OS. Upgrade sucker."
Sorry, you’re right, I think they install in login. Anyway, no reason for Apple to not fix this, apart from greed…
 
Well, I'm in the same situation - there is some subtlety to the problem, however. While iCloud Drive isn't working, and a number of applications that use iCloud sync are broken, Calendar sync is still working - events created on my Mac are showing up on iOS devices, and so is AirDrop between my iOS and High Sierra devices.

The thing about Apple not supporting High Sierra is that while Apple doesn't provide phone support for it, iCloud lists all the way back to Yosemite as "officially supported".

What I suspect is actually broken now, specifically, is iCloud Drive, and the iCloud-using apps that are broken are the ones that use iCloud Drive sync, rather than just iCloud data sync. So Safari loses history and Reading List sync, as do most apps using iCloud.
 
Did you try the two certificates workaround suggested by member pedrocaiano from Apple Support forums in my post?

« Answer from the Apple Support forums member who found the « other » certificate:

« I found that I need both certificates for it to work.

iCloud drive syncs fine that way, and so does everything else works as supposed to »

The way I see it, you need the old expired but set to « always trust » certificate and the « other » one.


https://ssl-tools.net/subjects/268487b38c50152997dbd4d17e37ff3f2ef31568

Right click PEM file by Baltimore Cybertrust (2nd one) save as, then double click and give admin user/pass…

And: keeping the old revoked certificate, set as always trust?

If yes, it didn’t work for you too?

For him (or her?), everything works in High Sierra…

In my case, it works too in Sierra.
 
Just to be clear, here is what I have in my Keychain:

**Just to be sure, I've rebooted the MBP and logged out/logged in my iCloud account.

I've tried various combinations of certificates - the presence of the Apple Intermediate certificate, set to always trust, or system default, and the Baltimore one, both in the Login keychain, and they don't seem to solve the problem.

Where previously the Apple certificate solved it instantly.

I'm not going to try logging out, on the basis that SOME iCloud stuff still works, and the last time I tried logging out when this happened, I couldn't log back in again.

I suspect the solution will just be to upgrade to Mojave :/
 
At least, Mojave is a great OS, I can confirm!

Weird that it works for some and not for others...

**My MBP doesn't support Mojave unless I use the unofficial method...
 
Here's how things are looking here....

[Attached screenshots: keychain.png, apple-key.png, baltimore-key.png]

FYI it didn't ask for any login credentials to add the certificate to Keychain Access, only to change the trust settings from "Use System Defaults".

I suspect an email to Apple's PKI team to at least ask for a statement on whether the intermediate certificate will be renewed or not would not be unreasonable, given iCloud is listed as supporting back to Yosemite.
 
The signing Root CA "GeoTrust Global CA" in "System Roots" expired on May 21, 2022.

So set both the original "Apple IST CA 2 - G1" and "GeoTrust Global CA" to "always trust"

This works for me in High Sierra (I did a logout & login; not sure if necessary).

Also, in my case, no need to import the second "apple IST CA 2 - g1".

Worth a try.
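
The failure mode this thread keeps running into, reproduced on a constructed chain (an added example, not from any poster or from Apple): a leaf certificate that is itself still in date stops verifying once the CA above it passes its notAfter date. It assumes OpenSSL 1.1.1 or later; the function names, the `/CN=` values and the temporary directory are hypothetical, and no real Apple or GeoTrust certificate is involved.

```shell
#!/bin/sh
# Constructed demo: a throwaway root valid for 1 day signs a leaf valid for 30 days.
# Nothing here reads or changes the system keychain.

make_chain() {   # $1 = working directory
    dir=$1
    # Self-signed root; stands in for the root CA at the top of the chain.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Demo Root" \
        -keyout "$dir/root.key" -out "$dir/root.pem" 2>/dev/null || return 1
    # Leaf key and CSR, then a leaf certificate signed by the root.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=leaf.example.invalid" \
        -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/root.pem" -CAkey "$dir/root.key" \
        -CAcreateserial -days 30 -out "$dir/leaf.pem" 2>/dev/null || return 1
}

verify_at() {    # $1 = dir, $2 = epoch seconds to validate at; prints ok or fail
    if openssl verify -attime "$2" -CAfile "$1/root.pem" "$1/leaf.pem" >/dev/null 2>&1
    then echo ok; else echo fail; fi
}

expiry_of() {    # $1 = PEM file; prints its notAfter line
    openssl x509 -in "$1" -noout -enddate
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_chain "$tmp" || { rm -rf "$tmp"; return 1; }
    now=$(date +%s)
    later=$((now + 864000))          # 10 days on: root expired, leaf still in date
    echo "root $(expiry_of "$tmp/root.pem")"
    echo "leaf $(expiry_of "$tmp/leaf.pem")"
    echo "verify today:         $(verify_at "$tmp" "$now")"
    echo "verify 10 days later: $(verify_at "$tmp" "$later")"
    # Show OpenSSL's own reason for the failure.
    openssl verify -attime "$later" -CAfile "$tmp/root.pem" "$tmp/leaf.pem" 2>&1 || true
    rm -rf "$tmp"
}
demo
```

The "always trust" setting described in the posts is a per-machine trust override; the notAfter date inside the certificate stays the same.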
 
Weird, it « should » work… Anyway, why do we, users, have to find workarounds for something they could fix easily?
 
Ah, got an idea: transfer the GeoTrust Global CA from a Mojave computer??

***I only have Geotrust Primary Certification Authority (3 of them) on my Mojave machine?
 