User profile for user: OldSchoolAdmin
OldSchoolAdmin Author
User level: Level 1
88 points

iCloud login problem on Sierra, High Sierra? Try this.

My Notes weren't updating on my Macbook Air with High Sierra, so I logged out of iCloud to see if logging back in would fix it, only to find out that I couldn't log back in. Got all of the "Unknown" and "Not at this time, try later errors".


Short story, did all the things, but no success. iCloud is fine, other machines are fine, just not this one. Finally tried logging into iCloud on that machine with Safari and got a "Can't connect to iCloud Servers" error. Ruled out network problems and Firefox connected to iCloud just fine.


Turns out it was a certificate problem preventing this machine from connecting to iCloud. Following the advice in this thread fixed the problem and now iCloud is working correctly again. Download the Apple Intermediate Certificates as mentioned in the first post.


How I solved the Safari 13 and High Sierr… - Apple Community




Posted on Apr 9, 2022 1:11 PM

Reply
Question marked as Top-ranking reply
User profile for user: pedrocaiano
pedrocaiano
User level: Level 1
131 points

Posted on Jun 21, 2022 4:03 AM

Download the Apple Intermediate Certificates


Apple IST CA 2 - G1 - This is a download link, the certificate will appear in your downloads folder.


  • Double click the downloaded certificate to install it in Keychain Access.


Try to log in to iCloud after that, should work.

View in context

Similar questions

85 replies
User profile for user: dgd
dgd
User level: Level 1
39 points

May 21, 2022 1:20 PM in response to Jasyan7

Just got off the phone with apple Canada support 2nd level engineering. the agent checked his Mac running Monterey and found the same expired certificate.


Summary:

As of May 16, 2022 older versions of OSX can not use iCloud notes… (some, sort of, maybe).


Reason given is that newer OSX have the ability to request the latest certificate and the older don’t.


The issue is not the certificate itself but that the Apple Server will not no longer issue certificates to older OSX (implemented silently May 16).


There will be no update to the downloadable version of AppleISTCA2G1.cer for security reasons.


Apple service supports the latest three versions of OSX that any particular Mac can run.


My MacBook Pro 15” from 2012 is running OSX10.13.3 so it might be within the latest support bracket if I update to OSX10.13.6. The agent could not confirm that updating would fix my problem.


Older versions of OSX are not updated with the latest in Apple’s security features so they can no longer run with iCloud notes unless it is the highest OSX version for that particular Mac… (some, sort of, maybe).


Given all the some, sort of, maybes from Apple I’m gonna wait till Tuesday to see if Apple fixes this anyway.

Reply
User profile for user: dgd
dgd
User level: Level 1
39 points

May 23, 2022 10:40 AM in response to OldSchoolAdmin

Finally found what worked for me: (OSX10.13.3)


In Keychain Access:


Set these to “always trust”:

-original "Apple IST CA 2 - G1”

(AppleISTCA2G1.cer)

expired 20220520

Showing in the Keychain column “Login”


-second "Apple IST CA 2 - G1”

(appleistca2g1_bc.cer)

expires 20250507

Showing in the Keychain column “Login”


-“GeoTrust Global CA"

expired 20220520 (when I did this to the one I found a second identical appeared)

Showing in the Keychain column “System” and/or “System Roots”


I set them last night and they still work this morning.

Reply
User profile for user: moscheja
moscheja
User level: Level 1
11 points

May 22, 2022 8:26 AM in response to pedrocaiano

Solution: Additionally You had to Trust the Root Certificate of Geo Trust which is used in Apple IST CA 2 - G1


The signing Root CA "GeoTrust Global CA" in "System Roots" expired on May 21, 2022.

So set both the original "Apple IST CA 2 - G1" and "GeoTrust Global CA" to "always trust"


This works for me in High Sierra !!!

Notes, Safari, iCloud drive,... now syncing again (reboot not necessary)


puh....

Reply
User profile for user: sbwinter2
sbwinter2
User level: Level 1
9 points

Apr 13, 2022 8:14 AM in response to GilbertVK

Add me to the list of people having this same issue. For me, it started on Apr 7, and after trying lots of solutions in Apr 8, and spending three hours on the phone with Apple, it looked like it was fixed by a reinstall of Sierra and removing/rebuilding the Keychain folder contents and the com.apple.system.preferences.plist file. (Now I am not sure why that worked if it was a certificate issue.)


It was fine until yesterday, when I got my monthly Apple ID lockout (since 2020, my AppleID started to lock me out periodically. It went from once every few months to monthly to weekly, disappeared for a long time, and then came back last Fall, locking me out once a month again. Many people complained about this problem on this forum and concluded that it's a problem with Apple's servers and had no relationship to the OS, or if someone used 2FA). And then nothing worked this time until I posted my own question and a kind person referred me to this certificate solution.


My expiration also says May, so this may be another monthly task, along with the lockout, unless they are related, and that is why all of my devices - old and new, supported and not - are locked out. Maybe they all need to re-certify and now the Sierra laptop can't on it's own because of an Apple server bug.

Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

iCloud login problem on Sierra, High Sierra? Try this.

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up