Cannot setup Google/Yahoo account El Capitan/Corrupt Certificates

Dear smart people,


I have been locked out of my gmail account today. Here's an unfortunately long but exhaustive list of possibly related actions and attempted fixes I've taken:

  1. Google account has been set up on my MacBook Pro Retina (mid 2012) for gmail->Apple Mail, and Google Cal->Apple Calendar. No problems before today.

    I use 2-step verification, and had a handful of application-specific passwords

  2. Downloaded Pokémon Go to my iPhone last night (sorry I ever did), and had a heck of a time setting it up on my phone using Google login.

    I deleted several old app-spec passwords that appeared to be unused, and tried to create one for Pokemon. That never worked, so I had to wait till I was home to peek at my password via Keychain on my Mac. I got Pokemon set up using 2-step verification (via SMS).

  3. I didn't check my gmail on Apple Mail until this morning, where it said there was a network problem and told me I had to enter the password. That opened up System Preferences>Internet Accounts>my Google acct, but ended up giving me this message:
    User uploaded file
  4. Next, I went to the community, and found that people had been having issues with login certificates. Sounds like deleting problematic ones fixed it for most people. I had two suspicious ones that I deleted. The problem is, they keep coming back again and again and again after I attempt to delete them. Here's a picture of them:
    User uploaded file
  5. Attempted remedies
    1. Turned off 2-step verification on google account
    2. Deleted all related google account login passwords from Keychain Access.
    3. Deleted my account and certificates from my computer, and then tried to set up the account again. Same message from no. 3 above.
    4. Tried to delete certificates in safe mode. No luck.
    5. Reinstalled system software. No change.
    6. Logged into a different user on my machine, and I was able to get to the prompt screen to set up an account. That user didn't have ANY login certificates.
  6. Other considerations
    1. I have another google account that still works on my computer. It's a Google enterprise account through work. It's never had 2-step verification or application specific passwords, but it hasn't had any issues sending or receiving email today.
    2. I can still log in to my personal google/gmail account via Safari. So, it seems the problem is verification via El Capitan's built-in "Internet Accounts" management.

Posted on Jul 13, 2016 3:18 PM


Jul 13, 2016 5:06 PM in response to ichingboy

For Equifax you might need to select "Trust" > Always Trust.



Open Keychain Access in Applications/Utilities.

Enter "veri" without quotes in the top search box.

This will show all verisign certificates.

Look for all with the red warning and delete.

Restart

Add your Google accounts. You will need the password to add.


If you still have a problem....

Turn ON Allow less secure apps.

  • Sign in to your Gmail account. Once signed in, in the upper right corner, choose the Google Apps button > My Account.
  • Choose Connected apps and sites. Set Allow less secure apps to ON. It's okay to allow Outlook access. Close the window.


This link goes through the instructions for Outlook for Mac, but the setup would be the same for Mail if less secure apps is the problem.

Jul 14, 2016 1:56 AM in response to dianeoforegon

Thanks for the reply, dianeoforegon. I tried to trust the Equifax certificate to no avail. Surprisingly, there are no VeriSign certificates in the Login/Certificates keychain. There are VeriSign certs in the System Roots keychain, but it won't allow me to delete those. Also tried the "less secure apps" thing and sorry to say that it didn't help either. That was a new one to me though ...

Jul 14, 2016 11:10 AM in response to ichingboy

Troubleshooting is a process of elimination.


Testing in a new User will quickly tell you if the problem is system wide or if it's your User's folder that contains the problem.


CREATE A NEW USER


Go to System Preferences --> Create a New User in Users & Groups.

Switch to the New User by logging out/in or use Fast User Switching.


You select not to sign in with your Apple ID if you are not testing an iCloud issue.


Skip > Sign in > Continue


Only default Apple apps will be in the Dock in the new User. Go to Applications to open other apps you might want to test.


Try adding your Google and Yahoo accounts?

Do you still see the issue?



If yes, then the problem is with your base files.

If no, then the problem is in your User's folder.

Jul 14, 2016 3:49 PM in response to dianeoforegon

dianeoforegon, I did get to that point. (I attempted to describe that above in my list of "Attempted Remedies".) I had another user on my computer already, and it didn't have the same problem. So suffice to say, the issue is on the user side of things. I guess that's the good news. But still, I can't get those problematic certificates to delete–or more specifically, to STAY deleted. I delete them and they show up again.


I'm guessing that the file containing the certificate is altogether corrupted, but I wouldn't know how to fix it. It's got to be one of the files in (User)/Library/Keychains folder, right?

Jul 16, 2016 11:04 PM in response to dianeoforegon

The issue is a certificate, not a password. At least I believe it has to do with certificates. Google does use Equifax CA, and since that certificate is marked with a red x, I'm assuming that's the issue.


I've got my password. I can log in to google/gmail via a browser no problem. The issue is using Apple Mail and Apple Calendar. More specifically, setting it up via System Preferences>Internet Accounts.

Jul 17, 2016 11:03 AM in response to ichingboy

Glad the new keychain fixed your issue. Look into the password keepers like 1Password, LastPass, Dashlane, etc. These will keep a secure log of your passwords and allow you to easily enter in browsers using a secure password that is only used for that site. It's recommended that you never use the same password twice.


FYI....

There are certain items that must be in the Keychain app like email account passwords or you would have to enter every time your account connects. For sites where you log in with your browser, you can select to use the iCloud Keychain, but this only works in Safari and not other browsers.


The iCloud Keychain is an ideal choice for certain tasks, but there’s no reason you can’t use it alongside a third-party tool like 1Password, LastPass, Dashlane, etc.


This article talks about other password managers too. FlippedBITS: 1Password Versus iCloud Keychain


Note: If the iCloud Keychain is disabled, the iCloud keychain is replaced with a “Local Items” keychain that has the same contents as the iCloud keychain. Any items added to the Local Items keychain will be pushed out to other devices when iCloud Keychain is re-enabled.


You might find these FAQs helpful


Frequently asked questions about iCloud Keychain - Apple Support
