Verisign Certificates?/AppStore,iTunes Connections, and a clueless Hoss.

Hi Hoss,

Apple Community Forums may be preventing you from posting there because it detects that your system is on 10.11, and they don't want to host posts that potentially violate the NDA you have with Apple by using their beta OS.

Here is a step by step for removing the Verisign certs:

1. Open Keychain (by pressing CMD+Space and then typing “Keychain”).
2. Click on "Login" and "All Items" in the left hand column.
3. Scroll down to the bottom.
4. Select all certificates starting "Verisign".
5. Right-click (control-click) them and select "Delete ...".

DO NOT remove the certificate by that name under the "System Roots"

Max.

If that doesn't do it, follow these steps:

1. Open Keychain (by pressing CMD+Space and then typing “Keychain”).
2. Then type "veri" into the Keychain app's searchbar.
3. For each of the VeriSign certificates, do the following:
   • Check that the certificate is still valid (far right column) and delete it if it isn't.
   • Double-click it, which brings up it's own window and expand the "Trust" menu.
   • Make sure "When using this certificate:" is set to "Use System Defaults", not "Always Trust".

     The remaining 10 should be left at "no value specified".

hmm.

The only Versign certs I can find in my Keychain are in my Roots section.

Good thing I can't delete them from there!

Any idea what these; iTunes can’t verify the identity of the server “p3-buy.itunes.apple.com”

iTunes can’t verify the identity of the server “su.itunes.apple.com”.

........etc...sometimes as many as 5 of them, are about?

Is this why I can't access the App Store, as well?

Trying to download a fix,if it's a bug, (and it certainly didn't start until this version of stuff), is going to be tricky, if we can't get onto the App Store....

Thanks for your input, Max!!

I'm always thrilled that you are on these forums!

p.s.

I did, successfully, submit a Feedback report on this.

Whatever isn't letting me into the App and iTunes Stores, is not a problem for Cloud sign in and for Feedback and Forum use.

Do you have Two Factor Authenication turned on (You might have been invited soon after updating to El Capitan)?

Not that I am aware of.

I do not recall receiving such an email.

How do I find this in my computer?

I ask because 2FA can cause this issue...

You can see if you are enrolled in Two Factor Authentication or not by looking in System Preferences > iCloud > Account details > Secutity tab on your Mac... (look at the bottom of the pane - mine says "Two Step Verification: Off")

The iTunes can’t verify the identity of the server “p3-buy.itunes.apple.com” etc. issue has quite a few potential causes and is not new to El Capitan.

Assuming that your 2FA is not active for you then there are some other things you need to check - first though, can you confirm that you had no trouble following the steps here:

okay.

NO.

I am in the OFF mode, so, NO to the 2FA dealie.

I don't THINK I had any trouble following your instructions about the Verisign stuff.

I only have VerSigns in the System Root section.

I have 7 of them in System Roots.

They are all set as you directed, "Use System Defaults".

Nothing else.

I didn't even have to change anything, they were already set that way.

Thanks again, for helping.

You are awesome!

First, a couple of possible fixes that are nice and easy to try:

• Open Keychain Access again and press alt + cmd + A. Then enter your password and start the repair.
• System Preferences > Date & Time > Set date and time automatically and select one of the Apple time servers.

If, after a few minutes, App Store and iTunes still won't connect, then it's time for some diagnostics:

• Reboot your computer in Safe Mode by holding the shift key immediately after switching on and holding it until you see the progress bar. Please let me know if you can connect in this mode...
• Create a temporary new admin account from System Preferences > Users & Groups > Open Padlock > + button. Log into the new account and test connectivity there too and, again, let me know the results...
• Boot normally and then, for each of the two lines below: select it then right-click it and go to Services > Show info in finder.The dialog should show "You can only read" in the Sharing & Permissions section - let me know if it doesn't:
  • /System/Library/Keychains/SystemCACertificates.keychain
  • /System/Library/Keychains/SystemRootCertificates.keychain

There are a few more diagnostics if necessary, but that's enough for now.

okay.

I will work on that this evening or tomorrow, when I get back on my computer and am not sleep deprived.

I am massively gratitudinous for your assistance, and I appreciate that you are not trying to short-circuit my head all in one overwhelming go.

COol thing about all this; in spite of annoyance, I always come away from the messy side knowing more about my Mac, how the OS works, what the software is really doing when it has accidents.

I guess that's another benefit of participating in beta testing and working with the developer crowd while a new thing is being grown.

WOrking through problems, with a fab mentor like Max, only makes us better, Max here teaches more than just ol' Hoss, when he answers questions patiently and completely.

I am sure there are hundreds of folks who appreciate Max, and the process, in much the same way I do.

I read other people's questions, and sometimes chime in, just so that I can understand it all that much better.

THANKS SO MUCH!z

okay.

The Keychain access and date setting dealie didn't change anything.

Interestingly- some kind of update happened,(I have auto updates switched on), it asked me if I wanted to restart after update, etc. As soon as the restart,(iTunes is a start up item), iTunes immediately started tthe nonsense about "can't verify..." yada yada.

If I can't connect to iTunes or the App store, how is my computer able to get updates?

I sure do not understand that.

Also; was I supposed to restart the computer between the KeyChain repair and trying the App store?

Keychain Repair said it found no issues, at completion.

Going to try the Safe Mode thing next, after I have another section of free time.

p.s.

Which Public Beta is current?

My Mac is telling me we are on 15A262e.

okay, so I tried rebooting in safe mode.

The progress bar got almost to the end, then the computer just shut down.

I waited a couple of minutes, to see if it was just dark because it was booting, or something.

It didn't do anything, so I pushed the start button again, got the chime, then the progress bar came back and it took a while to boot,(didn't hold the shift key, as it kind of freaked me out when it just quit), and, after a longer start-up than usual, we're back.

Still getting the error messages about certificates on iTunes, still unable to connect to the App store or iTunes store.

next, I will do the new account dealie.

thanks for your patience with me.

That's the current one.