iCloud login problem on Sierra, High Sierra? Try this.

I had this problem too. 3 days of complete stress as every attempt I made to solve it depleted my photos library (20,000+ photos disappeared). Thanks to this solution I luckily restored my photos and iCloud Drive. Very worried about the May expiration dates as I have also pasted this certificate into my iMac running Catalina which was also locked out of iCloud. Also despite restoring the operating system on my Catalina iMac and Sierra MacBook one of my most important apps no longer works (Tascam us-16x08 Panel Settings app) just will not load at all so not sure if it’s a connected issue or not but too much of a coincidence. My iMac ended up full from iCloud storage with only 17gb free, simply locked up at almost every key stroke. Pretty sure this is apples underhand way of forcing OS and hardware upgrades, I had no certificate expiration warnings at all, very unhappy with apple (paying too whack for 2tb iCloud storage) with lousy customer support.

So the dreaded day has come, the certificate has expired (as announced previously) and I'm right back to where I started.

iCloud has stoped working again.

SOLUTION: Open Keychain Access, Double click on the Apple IST CA 2 - G1 Certificate, Expand Trust option, When using this certificate: Select "Always Trust".

Restart the Mac.

Done!

Thank you pedrocaiano for adding that solution. I had not expired yet, and hoped I wouldn't, but was nervous when you posted you did. I just looked at my keychain, and I no longer have the Apple IST CA 2-G1 in listed (if I look for it on my computer, it says it exists, but has expired), but I have other certificates that don't expire for at least another year, so I think I had already selected to always trust when I installed. I hope I am in good shape for now.

Again, thanks. I had it set to show expired on my main laptop, but didn't realize it wasn't on the Sierra one (and forgot about that). I just did that, and now see it again, as well as am choosing to Always Trust. I guess I was lucky so far.

Open Keychain Access, In Keychain access menu bar go to View/Show Expired Certificates. 

Double click on the Apple IST CA 2 - G1 Certificate, 

Expand Trust option, 

When using this certificate: Select "Always Trust".

Restart the Mac.

Done!

Just got off the phone with apple Canada support 2nd level engineering. the agent checked his Mac running Monterey and found the same expired certificate.

Summary:

As of May 16, 2022 older versions of OSX can not use iCloud notes… (some, sort of, maybe).

Reason given is that newer OSX have the ability to request the latest certificate and the older don’t.

The issue is not the certificate itself but that the Apple Server will not no longer issue certificates to older OSX (implemented silently May 16).

There will be no update to the downloadable version of AppleISTCA2G1.cer for security reasons.

Apple service supports the latest three versions of OSX that any particular Mac can run.

My MacBook Pro 15” from 2012 is running OSX10.13.3 so it might be within the latest support bracket if I update to OSX10.13.6. The agent could not confirm that updating would fix my problem.

Older versions of OSX are not updated with the latest in Apple’s security features so they can no longer run with iCloud notes unless it is the highest OSX version for that particular Mac… (some, sort of, maybe).

Given all the some, sort of, maybes from Apple I’m gonna wait till Tuesday to see if Apple fixes this anyway.

That's sorta BS of them. I have some Macs that I will not update because I will lose software that I use regularly and can't replace. I have other Macs that I can update. There is no reason to cut off the older computers functionality. That said, I don't use iCloud for almost anything (for good reason). I just push messages from my phone to my other devices so I don't have to carry my phone around everywhere, and it's easier to type on a computer. On some devices, that, and Find My Mac, are the ONLY reasons I need to keep them logged into my account. This certificate allows me to keep doing those two things.

My iMac Runs on 10.13.6 so updating to the last High Sierra version will not solve the problem.

Glad I found that "other" certificate to extend iCloud use on my iMac until 2025, although I know it's obsolete it still does everything I need it to do. It's not only iCloud Sync and Notes that uses this certificate, iMessages, FaceTime, My Photo Stream, iCal, Contacts etc... all those things are linked to this certificate and stop syncing across devices.

It's unfortunate that we are left to our own devices to sort this out...

from experience I now that every phone call about the same thing to apple support will result in a different answer everytime that are maybe, some time, could be, we don't know...

have you a link to the certificate good till 2025?

Oh thanks! In my case, not needed as I don’t use iCloud Drive but only Calendar, Notes and Contacts syncing. Anyways, I’ve reinstalled the expired one on my MBP and my iPad. I know someone who will be happy on another forum… ;)

Are you on High Sierra (I guess the answer is yes)?

Members on MacRumors tried the two certificates workaround and it doesn't work: one not even able to log to icloud.com on Safari and the other with Notes not syncing.

In my case, Notes are syncing and I'm able to log to icloud.com (Sierra). Strange...

Tried appleistca2g1_bc.cer and it did not work.

I updated one of my machines from OSX10.13.3 to OSX10.13.6. still not working so i'm signing it out of iCloud then back on and see if that works. Is taking a long time... still waiting a few hours for it to save a copy of everything to my Mac before signing out. I'll let it run overnight.

Solution: Additionally You had to Trust the Root Certificate of Geo Trust which is used in Apple IST CA 2 - G1

The signing Root CA "GeoTrust Global CA" in "System Roots" expired on May 21, 2022.

So set both the original "Apple IST CA 2 - G1" and "GeoTrust Global CA" to "always trust"

This works for me in High Sierra !!!

Notes, Safari, iCloud drive,... now syncing again (reboot not necessary)

puh....

Maybe I'm just [un]lucky! My 8yo Macbook is running Mojave 10.14 and had the first error in April, and downloading the certificate fixed it for me. And then stopped syncing again when the certificate expired.

Finally found what worked for me: (OSX10.13.3)

In Keychain Access:

Set these to “always trust”:

-original "Apple IST CA 2 - G1”

(AppleISTCA2G1.cer)

expired 20220520

Showing in the Keychain column “Login”

-second "Apple IST CA 2 - G1”

(appleistca2g1_bc.cer)

expires 20250507

Showing in the Keychain column “Login”

-“GeoTrust Global CA"

expired 20220520 (when I did this to the one I found a second identical appeared)

Showing in the Keychain column “System” and/or “System Roots”

I set them last night and they still work this morning.