Fix iCloud Errors & “Can’t Establish Secure Connection with idmsa.apple.com” on MacOS Sierra & High Sierra
Some Mac users running MacOS Sierra and MacOS High Sierra have found they’re unable to login to an Apple ID or iCloud through System Preferences, or access iCloud.com in Safari. Additionally, Apple websites requiring usage of an Apple ID from Safari fail with a ‘Safari Can’t Open Page’ error “because Safari can’t establish a secure connection to the server ‘idmsa.apple.com’.”
If you’re experiencing any of the following type of error message on MacOS High Sierra or macOS Sierra, you should be able to fix them by installing an Apple certificate in Keychain Access:
MacOS iCloud System Preferences error “You can’t sign in at this time. Try signing in again.”
Safari error with iCloud.com “Connection error : iCloud encountered an error while trying to connect to the server.”
Mac Safari error with any site using Apple ID: “Safari Can’t Open the Page : Safari can’t open the page ‘https://idmsa.apple.com’ because Safari can’t establish a secure connection to the server ‘idmsa.apple.com’
One workaround to the idmsa.apple.com connection errors in Safari is to use another browser like Chrome, Firefox, or Brave, but that won’t resolve the System Preferences issue, nor will it resolve the Safari errors.
Note: this is only relevant to MacOS Sierra (10.12.x) and MacOS High Sierra (10.13.6) with Safari 13. Newer versions of MacOS are not impacted by this issue and therefore do not require any such fix.
Fix “Can’t Establish Secure Connection with idmsa.apple.com”, iCloud, & Apple ID Errors on Safari in MacOS Sierra, High Sierra
To fix the Safari idmsa.apple.com connection errors, inability to use Apple ID errors, and iCloud errors, use a functioning web browser on the impacted MacOS and do the following:
- Go to the Apple certificate page here: https://www.apple.com/certificateauthority/
- Download the Apple Intermediate Certificate labeled “Apple IST CA 2 – G1 Certificate” (direct link to AppleISTCA2G1.cer)
- After you have downloaded the AppleISTCA2G1.cer file, got to your Downloads folder and double-click the certificate to install it into Keychain Access
- The ‘Apple IST CA 2 – G1’ entry should now be shown in Keychain Access
- Relaunch Safari to resolve the Safari connection errors. Optionally, reboot the Mac to resolve the System Preferences iCloud errors
Many Mac users continue to run older versions of system software like MacOS High Sierra and MacOS Sierra, whether for compatibility reasons with some older apps and games, because older hardware doesn’t support later versions of MacOS, for personal preference, and for any number of other reasons.
Because older versions of MacOS do not receive system updates from Apple, issues and errors like this one are typically left to the end user to troubleshoot and resolve on their own, so we’re thankful for mjtsai and @metaning for pointing out the solution to this issue, found on discussions.apple.com.