Unable to log in to iTunes from the desktop app

Article ID: 170816

Updated On:

Products

Web Security Service - WSS

Issue/Introduction

Unable to log in to iTunes from the desktop application while on a protected network:

"There was an error connecting to the apple ID server"

Cause

The iTunes app implements certificate pinning. The iTunes application asks for the SSL certificate from Apple over an HTTPS connection. When SSL Interception is enabled in the Web Security Service (WSS), iTunes receives the WSS certificate instead, rejects it, and generates a "There was an error connecting to the apple ID server" error.

Environment

This issue occurs when the Web Security Service (WSS) "SSL interception" feature is in use.

Resolution

Create an SSL Interception Exemption Destination for the "gsa.apple.com" URL. This is the resource that Apple uses to verify the iTunes certificate.
 
Service > Network > SSL Interception > SSL Interception Exemptions > Destinations > Add > New > IP/Subnet > add "gsa.apple.com"
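
To confirm the exemption took effect, check who issued the certificate a client on the protected network actually receives for gsa.apple.com. The script below is an added example, not part of the original article or of WSS; the marker string and both sample certificates are constructed placeholders, so replace the marker with the issuer name of your own interception CA.

```python
import socket
import ssl

# Assumption: substring(s) identifying your interception CA in an issuer name.
PROXY_ISSUER_MARKERS = ("Example Interception CA",)  # constructed placeholder

# Constructed samples in the shape returned by ssl.SSLSocket.getpeercert().
SAMPLE_DIRECT = {"issuer": ((("countryName", "US"),),
                            (("organizationName", "Constructed Public CA"),),
                            (("commonName", "Constructed Public CA G1"),))}
SAMPLE_PROXIED = {"issuer": ((("organizationName", "Example Corp"),),
                             (("commonName", "Example Interception CA - T1"),))}


def issuer_names(cert):
    """Flatten the nested issuer RDN tuples into a list of plain strings."""
    return [value for rdn in cert.get("issuer", ()) for _key, value in rdn]


def classify(cert, markers=PROXY_ISSUER_MARKERS):
    """Return 'intercepted' if any issuer field contains a proxy marker."""
    names = [name.lower() for name in issuer_names(cert)]
    hit = any(m.lower() in name for m in markers for name in names)
    return "intercepted" if hit else "direct"


def check_host(host, port=443, timeout=5.0, markers=PROXY_ISSUER_MARKERS):
    """Connect to host and return (verdict, details) for the leaf certificate."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
    except ssl.SSLCertVerificationError as exc:
        # Issuer is not in this machine's trust store (for example the proxy
        # CA is not installed for Python), so the chain cannot be read here.
        return "untrusted", [exc.verify_message]
    return classify(cert, markers), issuer_names(cert)


if __name__ == "__main__":
    # Run from a client behind WSS, before and after adding the exemption.
    print(check_host("gsa.apple.com"))
```

A "direct" verdict after the exemption is added means the client sees the origin's own certificate chain, which is what a pinned application requires.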