Q: Apple system applications (Appstore, iTunes, iCloud,etc.) inaccessible after 10.11.0 upgrade (untrusted certificate)

Question

ivar v

Level 1 (23 points)

Mac OS X

Q: Apple system applications (Appstore, iTunes, iCloud,etc.) inaccessible after 10.11.0 upgrade (untrusted certificate)

Apple's Appstore, Safari and iTunes applications (in addition to several third party apps like Chrome) are unable to connect to Apple due to a certificate issue. This issue started immediately following the upgrade to osx 10.11.0, El Capitain. After poking around various forums I have found similar but not identical issues, but it did lead me to look into the Keychain Access app and it appears my computer no longer trusts Verisign(?) as a certificate authority - which is what Apple uses. I'm doubtful that I'm being hacked, but I don't want to compromise my security. What should I do to restore my computer to being functional? How did this happen?

Edit: I found the List of available trusted root certificates in OS X El Capitan - Apple Support and none of certificates in the chain presented by Safari are included in the list of approved certificates listed in the tech support document that I linked. Is Apple serving up an old and busted certificate? Why does Firefox accept the certificate?

Message was edited by: ivar v Added link to trusted certs at bottom.

MacBook Pro (15-inch Mid 2012), OS X El Capitan (10.11), null

Posted on Sep 30, 2015 7:40 PM

I have this question too

Solved

ivar v

Level 1 (23 points)

Mac OS X

A:

Ok, it appears the solution (for me at least) was to open up the 'Keychain Access' app and from the 'login' keychain (top left corner) delete all the certificates on the apple.com domain (after exporting them as a backup). When your Safari / Appstore / icloud tries to connect again it will fetch new certificates and validate them, instead of checking against existings ones.

Posted on Oct 2, 2015 8:34 AM

Q: Apple system applications (Appstore, iTunes, iCloud,etc.) inaccessible after 10.11.0 upgrade (untrusted certificate)

All replies

Helpful answers

by ivar v,Helpful

ivar v Oct 1, 2015 11:26 AM in response to ivar v
Level 1 (23 points)

Mac OS X

Oct 1, 2015 11:26 AM in response to ivar v

There are a few other threads that are trying to deal with this issue. So far 'after upgrade ssl certificates not valid seems the most promising, it links to iTunes and App Store broken after recent update which recommends following the suggestion at http://apple.stackexchange.com/questions/180570/invalid-certificate-after-securi ty-update-2015-004-in-mavericks as a solution to our problem with El Capitain.

The discussion and solution looks to be here - app store unavailable following security update 2015-004 (Mavericks).
I've tried following the proposed solution (despite being hesitant to delete certificates) but I found that even after entering my password as an administrator, Keychain would not allow me to delete the certs. I'd guess that this is due to updated permissions on 10.11. Can someone help confirm that this line of investigation is on the right track? Has anyone who had this certificate issue solved it?
Reply options

Link to this post

by ivar v,

ivar v Oct 1, 2015 11:35 AM in response to ivar v
Level 1 (23 points)

Mac OS X

Oct 1, 2015 11:35 AM in response to ivar v

More related threads:
after upgrade ssl certificates not valid
iTunes and App Store broken after recent update
Reply options

Link to this post

by lindytalbot,

lindytalbot Oct 2, 2015 8:38 AM in response to ivar v
Level 1 (0 points)

Oct 2, 2015 8:38 AM in response to ivar v

THIS (referenced above) was the solution for me (deleting Verisign certificates.)

But I also found that shutdown/restart was critical; after deleting the Verisign certificates, I couldn't sign in to App Store or iTunes (beach ball). I thought it might be an iCould thing so went to System Preferences to see...and System Preferences would not open. Aargh! Force quit all the hanging programs and did a restart.

All is well now.

Thanks, team, for the support here.
Reply options

Link to this post

by murrayE,

murrayE Oct 23, 2015 8:03 AM in response to ivar v
Level 1 (47 points)

Mac OS X

Oct 23, 2015 8:03 AM in response to ivar v
Keychain Access won't allow me to export the com.apple.* keys from the login keychain (before I delete them, as recommended to fix the iTunes problem,).

Here's what I'm doing once Keychain Access is open:
click the login item at top of Keychains pane.
Select all the com.apple.* items.
From File menu select Export Items, select default "Certificates.p12" and select Desktop as target, click Save.
In the resulting pop-up dialog I enter and verify a password to protect the exported items, then click OK there.
In the new pop-up window 'Keychain Access.app wants to export key "Apple ID Authentication...." from your keychain. To allow this, enter the "login" keychain password. I type my login keychain password, clicking Allow.
Nothing happens. (I even tried clicking Always Allow. Still that last pop-up window just stays there and the export doesn't happen.
Reply options

Link to this post

by murrayE,

murrayE Oct 23, 2015 8:43 AM in response to murrayE
Level 1 (47 points)

Mac OS X

Oct 23, 2015 8:43 AM in response to murrayE

I cured the "iTunes can't verify the identity of the server..." problem, by somewhat drastic means: resetting my login keychain, per:

Resetting your keychain in Mac OS X - Apple Support

It's not just an annoyance to have to reenter lots of other login keychain passwords -- which, fortunately, are backed up in 1Password.
Reply options

Link to this post

Accepted Answer · Oct 2, 2015 8:34 AM

ivar v

Level 1 (23 points)

Mac OS X

Oct 2, 2015 8:34 AM in response to ivar v

Ok, it appears the solution (for me at least) was to open up the 'Keychain Access' app and from the 'login' keychain (top left corner) delete all the certificates on the apple.com domain (after exporting them as a backup). When your Safari / Appstore / icloud tries to connect again it will fetch new certificates and validate them, instead of checking against existings ones.

Q: Apple system applications (Appstore, iTunes, iCloud,etc.) inaccessible after 10.11.0 upgrade (untrusted certificate)

All replies Helpful answers

by ivar v,★Helpful

by ivar v,

by ivar v,Solvedanswer

by lindytalbot,

by murrayE,

by murrayE,

All replies

Helpful answers

by ivar v,Helpful