Unable to login iTunes from desktop app

Article Id: 170816

Status: Published

Updated On: 07-02-2019 14:24

Legacy Id: TECH248731

Products:

Web Security Service - WSS

Issue/Introduction:

Unable to login iTunes from desktop application while under a protected network

"There was an error connecting to the apple ID server"

Cause:

iTunes app implements Certificate pinning. The iTunes application asks for the SSL certificate from Apple over an HTTPS connection. When SSL Inteception is enabled in the Web Security Service (WSS), iTunes receives the WSS' certificate, rejects the certificate and generates an "There was an error connecting to the apple ID server" error.

Resolution:

Create an SSL Interception Exemption Destination for the "gsa.apple.com" URL. This is the resource that apple uses to verify iTunes certificate.

Service > Network > SSL Interception > SSL Interception Exemptions > Destinations > Add > New > IP/Subnet > add "gsa.apple.com"