Verisign Certificates?/App Store, iTunes Connections, and a clueless Hoss.

Trying to get rid of the Verisign certs in my keychain... having trouble connecting to the App Store, iTunes is giving me errors, many responses suggest that getting rid of Verisign certs in my keychain should fix it.

How do I do that?

I seem to need a step-by-step, as my attempts aren't removing them.

After exporting to desktop and dragging them to the trash, they are still in my keychain.


When I try to post this question on the Apple Community forums, I get a pink box telling me that I am not allowed to create or modify content.

WHAT???


HELP!

Replies

Safe Mode can take a good bit longer to boot from than normal - I should have warned you - It is "safe" however 😀 and is a necessary diagnostic tool. Let it do its thing...

okay.

(whew!)

will try it again.😊

okay.

Tried the safe mode thing, no joy there.

Cannot connect.

The new admin dealie didn't allow me to connect either.

I didn't set up another apple id for that account... but it won't connect to the App Store, anyway.


So.

The checking of the two lines- where should I look for them, exactly?

Sharing and Permissions?

and who should I be when I try them?


Took a minute for me to get my internet to be happy after logout and then login.

I think my computer prefers to be Me.


*smile*


Is the thing where I can't look at YouTube or Rotten Tomatoes or iMDB

Open DNS

"This domain is blocked due to content filtering"

part of the same problem?

I don't have any filtering engaged, near as I can tell.


eesh.

never had anything like this before I installed El Capitan.

😟


Thanks for sticking with me, man.

I looked at Console.

A lot of iTunes: CFNetwork Handshake failed(-9807)

and iTunes: CFNetwork SSLHandshake failed.(-9847)

When I try to open the App Store, Console says;

8/25/15 11:53:40.512 PM iTunes[731]: CFNetwork SSLHandshake failed (-9847)

8/25/15 11:53:42.434 PM storeassetd[652]: NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9843)


Does this mean anything helpful to you?
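Added example (not part of the original thread, and not Apple code): a small Python triage of the Console lines quoted in the post above, mapping each SecureTransport OSStatus code to its name from SecureTransport.h. The third sample line is constructed, and the category labels and hints are this example's own assumptions.

```python
import re
from collections import Counter

# SecureTransport OSStatus codes seen in the thread (names from SecureTransport.h).
SSL_ERRORS = {
    -9807: ("errSSLXCertChainInvalid", "trust"),
    -9843: ("errSSLHostNameMismatch", "hostname"),
    -9847: ("errSSLRecordOverflow", "protocol"),
}
# General reading of each category (assumption: triage hints, not Apple guidance).
HINTS = {
    "trust": "chain failed validation: check expired/distrusted certs and the clock",
    "hostname": "cert name differs from requested host: check DNS filter or proxy",
    "protocol": "malformed TLS record: peer may not be the expected TLS server",
    "unknown": "code not in this table: look it up in SecureTransport.h",
}
# Matches: process[pid]: message (optional-error-domain, -98xx)
LINE_RE = re.compile(
    r"(?P<proc>[\w.]+)\[(?P<pid>\d+)\]:\s+(?P<msg>.*?)\s*"
    r"\((?:\w+,\s*)?(?P<code>-98\d\d)\)")

def triage(log_text):
    """Return one finding per Console line that carries an SSL OSStatus code."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        code = int(m.group("code"))
        name, category = SSL_ERRORS.get(code, ("unrecognized", "unknown"))
        findings.append({"process": m.group("proc"), "code": code,
                         "name": name, "category": category})
    return findings

def summarize(findings):
    """Count findings per category so the dominant failure mode stands out."""
    return Counter(f["category"] for f in findings)

# The first two lines are quoted in the thread; the third is constructed for
# the -9807 code, which the poster mentions without a full log line.
SAMPLE = """\
8/25/15 11:53:40.512 PM iTunes[731]: CFNetwork SSLHandshake failed (-9847)
8/25/15 11:53:42.434 PM storeassetd[652]: NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9843)
8/25/15 11:54:01.000 PM iTunes[731]: CFNetwork SSLHandshake failed (-9807)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f['process']}: {f['code']} {f['name']} -> {HINTS[f['category']]}")
```

The three codes describe different failures: only -9807 is a chain-validation error, while -9843 says the certificate presented does not match the host name requested.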

Troubleshooting certificate issues is quite complex, isn't it 🙂


Another easy fix before we go further is to press shift+cmd+G in Finder and go to: /var/db/crls/

You're going to delete the following files:

  • crlcache.db
  • ocspcache.db

Then restart your system normally. This resets the cache of accepted certificates in the system. It doesn’t remove them, it just forces the system to rebuild the caches upon restart.

Also, I want to make sure of something:

  1. Open Keychain Access.
  2. Select Certificates in the Category picker on the left side
  3. In the search bar, type in the word Class.
  4. Look through that list, and find any certificates that have a blue + symbol over their icon.


Let me know if you find any...


Back at the beginning of this thread I asked you to go through your certificates looking for expired ones, but I neglected to get you to check the View menu in Keychain Access and make sure that the second menu item is "Hide Expired Certificates" (which actually means that they are currently visible). So, if not, then repeat the steps in my 2nd reply to you.


Finally, if you've tried everything in these last two posts and still no joy then you can try something a bit more drastic:

Keychain Access > Preferences > General > Reset my Default Keychain.


If it fixes it then you'll have to re-enter some passwords again for internet sites etc. and if it doesn't you can move your old Keychain back.

so.

I am starting with simplest first;

found a few expired certificates, when I did the "view" thingie.

One is an Apple Mac Certificate Authority, 4 of them are com.apple.ubiquity.peeruuid.XXXXnumbersinbunches

When I click on one of them, my header says;

self-signed root certificate

expired Thursdayyadayada2013

Then in red

"This certificate is not trusted"

they are in my login keychain

Should I get rid of those?


When I type in "Class", I get no blue + symbols, I have one with a red X symbol.


yes.

complicated.

But educational.

I'm not entirely sure what I am learning...but I am getting SOMETHING out of it.

And building a whole new platform of respect for programmers and the "geeky" folks who can plow through the tedium and frustration of software language to make computers work for us as well as they do.


Next up;

the cricache thing.

I have noticed that the "cri 15" pops up when I click on the Open DNS filtery deal.

Okay 🙂, so - yes - delete all expired certificates and the one with the red X. Delete the two files that I pointed to a couple of replies ago. Then restart your system - I think we're getting there...

okay, so I deleted the crlcache and ocspcache and the red x ones that I found.

a restart was done after the crlcache and ocspcache removal.

Had to manually remove ocspcache from trash "file in use cannot be deleted.." then restarted.

Haven't done the red x removal then restart yet, as I had not seen your most recent reply.


upon looking at System Roots certificates, with expired now in view, I have four A-Trust-nQual-xx(number)

sitting at the top of my list.

Before I restart, remove them as well?

System root is one we kind of can't touch?


wish I understood this stuff as well as you do.

I continue to be grateful for your presence in these forums.

🙂

Happy to help 🙂


All expired certs should be deleted - even those in System Roots (don't delete good Verisign certs here though). Then restart and try the App/iTunes Stores again.

how do I get system roots to let me delete stuff?

exporting to desktop, then trashing them still leaves them in the system roots list?

I am missing something here.....


*rests forehead on countertop and sighs exasperatedly*

I'm sure it's not your fault 🙂


I haven't tried deleting a cert from there since I last did it from Yosemite (so perhaps El Capitan prevents you). I am used to right-clicking the cert and having Delete "certnamehere" as an option for expired certs. If it's not there then let it be.


Remove those two files I mentioned above once again for good measure and restart. If you still can't log in to the Store, then please have a look in the Console again and see if the error message has changed now.

Also, please list any certs that still have a red X, a blue dot, or are expired. You don't have to type them out - if you double-click them, you'll be able to select the text next to "common name" and copy-paste it to your reply.

In System, we have "Apple Code Signing Certificate Authority"

and " Certificate Signing"

I was able to delete those.


No blue plus signs anywhere.


I am not able to delete the A-Trust-nQual- s that I noted before, which are in System Roots.

Also, in roots, I have found an expired "TÜRKTRUST Elektronik Sertifika Hizmet Saglayicisi" certificate and 2 more of those, one of which expires in Sept. the other expires in Dec 2017.


THAT'S IT!!!!!

My computer has been taken over by Hezbollah, hasn't it!!??!!!

explains everything.


😮

Oh lookie!

More red x's in Login.

Getting rid of those.

Amazing how many one finds when one exposes them to the light.


all getting deleted.....


zap-zap-zap!

begone, bedbugs of my keychain!