Mr_Shul

Q: The certificate for this server is invalid   (s.mzstatic.com.)

I am getting these messages (attached) which basically say the same thing, which that the server is invalid.  The message pops up when I open iTunes and I am able to continue to use the program, but when I try to use Apple Configurator, it will not launch the program.  This is a problem because I must use Apple Configurator to manage some of my school iPads and paid apps associated with it.  I will list specific details below on all programs.

Screenshot 2015-03-24 13.49.34.png

Screenshot 2015-03-24 13.49.01.png

 

Does anyone else have this issue and are there any solutions? n Could this be a firewall issue with my school's network?  Could it be associated to Apple Server and certificates in there?

 

I look forward to anyone's suggestions.  Thank You!

~ J

 

--------------------

Computer: iMac (21.5-inch, Late 2009)

OS: 10.10.2

iTunes: 12.1.0

Apple Configurator: 1.7.1

iPad 2, iOS 6.1.4, Apple Configurator

Posted on Mar 24, 2015 11:18 AM

Close

Q: The certificate for this server is invalid   (s.mzstatic.com.)

  • All replies
  • Helpful answers

  • by PATRICKMELE,

    PATRICKMELE PATRICKMELE Mar 24, 2015 11:35 AM in response to Mr_Shul
    Level 3 (904 points)
    Mac OS X
    Mar 24, 2015 11:35 AM in response to Mr_Shul

    Read this if applicables.mzstatic

    site owned by Apple @ so Call

    Cupertino, CA 95014

    US

    Telephone: +1.4089744286

    Fax: +1.4089744286

  • by Mr_Shul,

    Mr_Shul Mr_Shul Mar 24, 2015 12:05 PM in response to PATRICKMELE
    Level 1 (5 points)
    Mar 24, 2015 12:05 PM in response to PATRICKMELE

    Thank you.  I did read that other forum article. However, I don't understand why the one user complained about people not researching properly (but yet I did not see any type of helpful information in their demeaning response).

     

    Also, there is an image but it says it "is no longer available".  Does this image pertain to your response?

  • by Linc Davis,

    Linc Davis Linc Davis Mar 24, 2015 1:30 PM in response to Mr_Shul
    Level 10 (208,000 points)
    Applications
    Mar 24, 2015 1:30 PM in response to Mr_Shul

    Can the iPad find app updates when connected to the same network? What about other Macs on the network?

  • by Mr_Shul,

    Mr_Shul Mr_Shul Mar 25, 2015 9:38 AM in response to Linc Davis
    Level 1 (5 points)
    Mar 25, 2015 9:38 AM in response to Linc Davis

    Linc Davis wrote:

     

    Can the iPad find app updates when connected to the same network?

    Yes it can.  One would assume then it is not a firewall/ network issue and just a computer issue?

  • by Linc Davis,

    Linc Davis Linc Davis Mar 25, 2015 12:07 PM in response to Mr_Shul
    Level 10 (208,000 points)
    Applications
    Mar 25, 2015 12:07 PM in response to Mr_Shul

    This could be a complicated problem to solve, as there are several possible causes for it.

    Back up all data, then take each of the following steps that you haven't already taken. Stop when the problem is resolved.

    Step 1

    From the menu bar, select

               ▹ System Preferences... ▹ Date & Time

    Select the Time Zone tab in the preference pane that opens and check that the time zone matches your location. Then select the Date & Time tab. Check that the data and time shown (including the year) are correct, and correct them if not.

    Check the box marked 

              Set date and time automatically

    if it's not already checked, and select one of the Apple time servers from the menu next to it.

    Step 2

    Start up in safe mode and log in to the account with the problem.

     

    Note: If FileVault is enabled in OS X 10.9 or earlier, or if a firmware password is set, or if the startup volume is a software RAID, you can’t do this. Ask for further instructions.

    Safe mode is much slower to start up and run than normal, with limited graphics performance, and some things won’t work at all, including sound output and Wi-Fi on certain models. The next normal startup may also be somewhat slow.

    The login screen appears even if you usually login automatically. You must know your login password in order to log in. If you’ve forgotten the password, you will need to reset it before you begin.

    If the problem is not reproducible in safe mode, then it's caused by third-party "anti-virus" or "security" software. If you know what that software is, remove it as directed by the developer after backing up all data. If you don't know what it is, ask for instructions.

    Step 3

     

    Triple-click anywhere in the line below on this page to select it:

    /System/Library/Keychains/SystemCACertificates.keychain

    Right-click or control-click the highlighted line and select

              Services Show Info

    from the contextual menu.* An Info dialog should open. The dialog should show "You can only read" in the Sharing & Permissions section.

    Repeat with this line:

    /System/Library/Keychains/SystemRootCertificates.keychain

    If instead of the Info dialog, you get a message that either file can't be found, reinstall OS X.

    *If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination command-C. Open a TextEdit window and paste into it by pressing command-V. Select the line you just pasted and continue as above.

    Step 4

    Launch the Keychain Access application in any of the following ways:

    ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)

    ☞ In the Finder, select Go Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.

    ☞ Open LaunchPad and start typing the name.

    In the upper left corner of the window, you should see a list headed Keychains. If not, click the button in the lower left corner that looks like a triangle inside a square.

    In the Keychains list, there should be items named System and System Roots. If not, select

              File Add Keychain

    from the menu bar and add the following items:

    /Library/Keychains/System.keychain
    /System/Library/Keychains/SystemRootCertificates.keychain

    Open the View menu in the menu bar. If one of the items in the menu is

              Show Expired Certificates

    select it. Otherwise it will show

              Hide Expired Certificates

    which is what you want.

    From the Category list in the lower left corner of the window, select Certificates. Look carefully at the list of certificates in the right side of the window. If any of them has a blue-and-white plus sign or a red "X" in the icon, double-click it. An inspection window will open. Click the disclosure triangle labeled Trust to disclose the trust settings for the certificate. From the menu labeled

              Secure Sockets Layer (SSL)

    select

              no value specified

    Close the inspection window. You'll be prompted for your administrator password to update the settings.

    Now open the same inspection window again, and select

              When using this certificate: Use System Defaults

    Save the change in the same way as before.

    Revert all the certificates with non-default trust settings. Never again change any of those settings.

    Step 5

    Select My Certificates from the Category list. From the list of certificates shown, delete any that are marked with a red X as expired or invalid.

    Export all remaining certificates, delete them from the keychain, and reimport. For instructions, select

              Help Keychain Access Help

    from the menu bar and search for the term "export" in the help window. Export each certificate as an individual file; don't combine them into one big file.

    Step 6

    From the menu bar, select

              Keychain Access Preferences... Certificates

    There are three menus in the window. Change the selection in the top two to Best attempt, and in the bottom one to  CRL.

    Step 7

    Triple-click anywhere in the line of text below on this page to select it:

    /var/db/crls

    Copy the selected text to the Clipboard by pressing the key combination command-C. In the Finder, select

              Go Go to Folder...

    from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.

    A folder named "crls" should open. Move all the files in that folder to the Trash. You’ll be prompted for your administrator login password.

    Restart the computer, empty the Trash, and test.

    Step 8

    Triple-click anywhere in the line below on this page to select it:

    open -e /etc/hosts

    Copy the selected text to the Clipboard by pressing the key combination command-C.

    Launch the built-in Terminal application in the same way you launched Keychain Access.

    Paste into the Terminal window by pressing command-V. I've tested these instructions only with the Safari web browser. If you use another browser, you may have to press the return key after pasting. A TextEdit window should open. At the top of the window, you should see this:

    ##
    # Host Database
    #
    # localhost is used to configure the loopback interface
    # when the system is booting.  Do not change this entry.
    ##
    127.0.0.1                              localhost
    255.255.255.255          broadcasthost
    ::1                                        localhost

    If that's not what you see, post the contents of the window.

  • by Massimo Lombardo,

    Massimo Lombardo Massimo Lombardo Apr 13, 2015 12:43 AM in response to Linc Davis
    Level 2 (205 points)
    Mac OS X
    Apr 13, 2015 12:43 AM in response to Linc Davis

    Hallo Davis,

     

    I have too some problems as the described. I have executed the steps that you suggested and the output of my /etc/hosts differs only in a new line:

     

    ##

    # Host Database

    #

    # localhost is used to configure the loopback interface

    # when the system is booting.  Do not change this entry.

    ##

    127.0.0.1    localhost

    255.255.255.255    broadcasthost

    ::1             localhost

    fe80::1%lo0    localhost

     

    Another iTunes Error message that blocks is also:

     

    iTunes can’t verify the identity of the server “init.itunes.apple.com”.

     

    The certificate for this server is invalid. You might be connecting to a server that is pretending to be “init.itunes.apple.com”, which could put your confidential information at risk. Would you like to connect to the server anyway?

     

    Other problems are here with the connection with App Store: the icon in the dock is showing that an update is ready (red pointed one), but if i start the program there is no content in the App Store window. So I decided to sign out and new sign in ... After new logging I became the error message "connection failed"

     

    It links all to permissions and certificates trouble

     

    Have you any idea?

     

    ciao

     

    Massimo

  • by Massimo Lombardo,

    Massimo Lombardo Massimo Lombardo Apr 13, 2015 5:51 AM in response to Linc Davis
    Level 2 (205 points)
    Mac OS X
    Apr 13, 2015 5:51 AM in response to Linc Davis

    Linc Davis wrote:

     

    ...OMISSIS...

    Step 3

     

    Triple-click anywhere in the line below on this page to select it:

    /System/Library/Keychains/SystemCACertificates.keychain

    Right-click or control-click the highlighted line and select

              Services Show Info

    from the contextual menu.* An Info dialog should open. The dialog should show "You can only read" in the Sharing & Permissions section.

    Repeat with this line:

    /System/Library/Keychains/SystemRootCertificates.keychain

    If instead of the Info dialog, you get a message that either file can't be found, reinstall OS X.

    *If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination command-C. Open a TextEdit window and paste into it by pressing command-V. Select the line you just pasted and continue as above.

    If that's not what you see, post the contents of the window.

    When I follow the instruction of Step 3 I find the in the Sharing&Permission field only Permissions for System (RW), wheel (R) and everyone (R). There are not explicit Permission for me (the logged user). Is this right?

    If I login with another user account I have no errors with iTunes and no errors with App Store ... Ok with the other user account I'm not logged in my APPLEID or in another iTunes account.

     

    I will try to recover my keychain as next step and I will post if there are better news

     

    ciao

  • by Massimo Lombardo,

    Massimo Lombardo Massimo Lombardo Apr 16, 2015 8:17 AM in response to Linc Davis
    Level 2 (205 points)
    Mac OS X
    Apr 16, 2015 8:17 AM in response to Linc Davis

    After many tries and resets I solved according Step 5, but not in the category "my certificates" where I had only few certificates. The goal was to select in the category pane certificates and there to delete all expired/invalid certificates + all VerySign (after exporting as BackUp) Certificates.

    THX for showing the way. Also the Apple Customer Support, the AppStore Support and the iTunesStore support was not able to show the right workaround.

  • by Stacy Horn,

    Stacy Horn Stacy Horn Apr 16, 2015 3:01 PM in response to Massimo Lombardo
    Level 1 (15 points)
    Apr 16, 2015 3:01 PM in response to Massimo Lombardo

    I just wanted to repeat what Massimo said.  It was Step 5 that did it, and deleting the expired certificates and Verisign.  I did not export and reimport the valid certificates.  It was just the deleting the expired certificates and Verisign that did the trick.  Thank you Linc and Massimo.

     

    Also, that was kinda traumatic for a non-techie to do.  If this becomes a repeated problem, perhaps someone could devise an easier fix.