The certificate for this server is invalid (s.mzstatic.com.)

Read this if applicables.mzstatic

site owned by Apple @ so Call

Cupertino, CA 95014

US

Telephone: +1.4089744286

Fax: +1.4089744286

Can the iPad find app updates when connected to the same network? What about other Macs on the network?

This could be a complicated problem to solve, as there are several possible causes for it.

Back up all data, then take each of the following steps that you haven't already taken. Stop when the problem is resolved.

Step 1

From the menu bar, select

 ▹ System Preferences... ▹ Date & Time

Select the Time Zone tab in the preference pane that opens and check that the time zone matches your location. Then select the Date & Time tab. Check that the data and time shown (including the year) are correct, and correct them if not.

Check the box marked

Set date and time automatically

if it's not already checked, and select one of the Apple time servers from the menu next to it.

Step 2

Start up in safe mode and log in to the account with the problem.

Note: If FileVault is enabled in OS X 10.9 or earlier, or if a firmware password is set, or if the startup volume is a software RAID, you can’t do this. Ask for further instructions.

Safe mode is much slower to start up and run than normal, with limited graphics performance, and some things won’t work at all, including sound output and Wi-Fi on certain models. The next normal startup may also be somewhat slow.

The login screen appears even if you usually login automatically. You must know your login password in order to log in. If you’ve forgotten the password, you will need to reset it before you begin.

If the problem is not reproducible in safe mode, then it's caused by third-party "anti-virus" or "security" software. If you know what that software is, remove it as directed by the developer after backing up all data. If you don't know what it is, ask for instructions.

Step 3

Triple-click anywhere in the line below on this page to select it:

/System/Library/Keychains/SystemCACertificates.keychain

Right-click or control-click the highlighted line and select

Services ▹ Show Info

from the contextual menu.* An Info dialog should open. The dialog should show "You can only read" in the Sharing & Permissions section.

Repeat with this line:

/System/Library/Keychains/SystemRootCertificates.keychain

If instead of the Info dialog, you get a message that either file can't be found, reinstall OS X.

*If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination command-C. Open a TextEdit window and paste into it by pressing command-V. Select the line you just pasted and continue as above.

Step 4

Launch the Keychain Access application in any of the following ways:

☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)

☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.

☞ Open LaunchPad and start typing the name.

In the upper left corner of the window, you should see a list headed Keychains. If not, click the button in the lower left corner that looks like a triangle inside a square.

In the Keychains list, there should be items named System and System Roots. If not, select

File ▹ Add Keychain

from the menu bar and add the following items:

/Library/Keychains/System.keychain

/System/Library/Keychains/SystemRootCertificates.keychain

Open the View menu in the menu bar. If one of the items in the menu is

Show Expired Certificates

select it. Otherwise it will show

Hide Expired Certificates

which is what you want.

From the Category list in the lower left corner of the window, select Certificates. Look carefully at the list of certificates in the right side of the window. If any of them has a blue-and-white plus sign or a red "X" in the icon, double-click it. An inspection window will open. Click the disclosure triangle labeled Trust to disclose the trust settings for the certificate. From the menu labeled

Secure Sockets Layer (SSL)

select

no value specified

Close the inspection window. You'll be prompted for your administrator password to update the settings.

Now open the same inspection window again, and select

When using this certificate: Use System Defaults

Save the change in the same way as before.

Revert all the certificates with non-default trust settings. Never again change any of those settings.

Step 5

Select My Certificates from the Category list. From the list of certificates shown, delete any that are marked with a red X as expired or invalid.

Export all remaining certificates, delete them from the keychain, and reimport. For instructions, select

Help ▹ Keychain Access Help

from the menu bar and search for the term "export" in the help window. Export each certificate as an individual file; don't combine them into one big file.

Step 6

From the menu bar, select

Keychain Access ▹ Preferences... ▹ Certificates

There are three menus in the window. Change the selection in the top two to Best attempt, and in the bottom one to CRL.

Step 7

Triple-click anywhere in the line of text below on this page to select it:

/var/db/crls

Copy the selected text to the Clipboard by pressing the key combination command-C. In the Finder, select

Go ▹ Go to Folder...

from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.

A folder named "crls" should open. Move all the files in that folder to the Trash. You’ll be prompted for your administrator login password.

Restart the computer, empty the Trash, and test.

Step 8

Triple-click anywhere in the line below on this page to select it:

open -e /etc/hosts

Copy the selected text to the Clipboard by pressing the key combination command-C.

Launch the built-in Terminal application in the same way you launched Keychain Access.

Paste into the Terminal window by pressing command-V. I've tested these instructions only with the Safari web browser. If you use another browser, you may have to press the return key after pasting. A TextEdit window should open. At the top of the window, you should see this:

##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting. Do not change this entry.
##
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost

If that's not what you see, post the contents of the window.

Hallo Davis,

I have too some problems as the described. I have executed the steps that you suggested and the output of my /etc/hosts differs only in a new line:

##

# Host Database

#

# localhost is used to configure the loopback interface

# when the system is booting. Do not change this entry.

##

127.0.0.1 localhost

255.255.255.255 broadcasthost

::1 localhost

fe80::1%lo0 localhost

Another iTunes Error message that blocks is also:

iTunes can’t verify the identity of the server “init.itunes.apple.com”.

The certificate for this server is invalid. You might be connecting to a server that is pretending to be “init.itunes.apple.com”, which could put your confidential information at risk. Would you like to connect to the server anyway?

Other problems are here with the connection with App Store: the icon in the dock is showing that an update is ready (red pointed one), but if i start the program there is no content in the App Store window. So I decided to sign out and new sign in ... After new logging I became the error message "connection failed"

It links all to permissions and certificates trouble

Have you any idea?

ciao

Massimo

Linc Davis wrote:

...OMISSIS...

Step 3

Triple-click anywhere in the line below on this page to select it:

/System/Library/Keychains/SystemCACertificates.keychain

Right-click or control-click the highlighted line and select

Services ▹ Show Info

from the contextual menu.* An Info dialog should open. The dialog should show "You can only read" in the Sharing & Permissions section.

Repeat with this line:

/System/Library/Keychains/SystemRootCertificates.keychain

If instead of the Info dialog, you get a message that either file can't be found, reinstall OS X.

*If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination command-C. Open a TextEdit window and paste into it by pressing command-V. Select the line you just pasted and continue as above.

If that's not what you see, post the contents of the window.

When I follow the instruction of Step 3 I find the in the Sharing&Permission field only Permissions for System (RW), wheel (R) and everyone (R). There are not explicit Permission for me (the logged user). Is this right?

If I login with another user account I have no errors with iTunes and no errors with App Store ... Ok with the other user account I'm not logged in my APPLEID or in another iTunes account.

I will try to recover my keychain as next step and I will post if there are better news

ciao

After many tries and resets I solved according Step 5, but not in the category "my certificates" where I had only few certificates. The goal was to select in the category pane certificates and there to delete all expired/invalid certificates + all VerySign (after exporting as BackUp) Certificates.

THX for showing the way. Also the Apple Customer Support, the AppStore Support and the iTunesStore support was not able to show the right workaround.

I just wanted to repeat what Massimo said. It was Step 5 that did it, and deleting the expired certificates and Verisign. I did not export and reimport the valid certificates. It was just the deleting the expired certificates and Verisign that did the trick. Thank you Linc and Massimo.

Also, that was kinda traumatic for a non-techie to do. If this becomes a repeated problem, perhaps someone could devise an easier fix.