User profile for user: NomadicPolymath1
NomadicPolymath1 Author
User level: Level 1
18 points

How to investigate iCloud certificate trace logs?



While accessing https://icloud.com, I experienced unusual behavior: screen flickering, unexpected IP address display, and a prompt to view the site’s certificate—something I’ve never encountered before. Upon inspection, the certificate included www.icloud.com.cn, which is unexpected for a U.S.-based user.


My device was in Lockdown Mode, and I’ve documented the entire incident with screenshots. This raises concerns about potential man-in-the-middle attacks or unauthorized redirection.


I’m sharing this to alert others and seek guidance from AppleSupport,



[Re-Titled by Moderator]

iPhone 15, iOS 18

Posted on May 5, 2025 5:05 PM

Reply
Question marked as Top-ranking reply
User profile for user: Mac Jim ID
Mac Jim ID
User level: Level 9
60,164 points

Posted on May 5, 2025 10:07 PM

You are viewing all names for the DNS where that same certificate is valid. No, it does not mean you are subject to a man in the middle attack or that website is being accessed or that website has access to your computer. None of that is true, instead of needing a different certificate for each domain, the SAN (Subject Alternate Name) allows this same certificate to be used on multiple domains. In this case the same certificate is used for:


It may be helpful to read about what you are referring to instead of just jumping to conclusions. Users in other regions are still directed to the iCloud website without the country code identifier, but as you acknowledged, on the closed system in China, accessing iCloud will be through that domain with the country code. This one certificate validates the iCloud website everywhere instead of needing 5 different certificates for each domain. You can also see the benefits of this multi-domain approach by reading this:

https://www.entrust.com/blog/2019/03/what-is-a-san-and-how-is-it-used


The assertions in your post are completely false. This is "normal and expected". Not sure where you are getting your information from or if you are just completely making up your own conclusions. Please provide sources to those statements as I have.

View in context

Similar questions

18 replies
User profile for user: Mac Jim ID
Mac Jim ID
User level: Level 9
60,164 points

May 7, 2025 2:44 PM in response to MrHoffman

MrHoffman wrote:
As for Google Gemini and Reddit content, here is one of various write-ups: https://mashable.com/article/reddit-answers-google-gemini

Yep, while that article focuses on Reddit provided Google Gemini answers, the $60 million dollar deal also allows training Gemini models on the Reddit posts. That is the part I find concerning. You may have also noticed that many Reddit responses now show near the top of Google searches. This has more to do with money from Search Engine Optimization, then relevant and factual search results. Not that anyone should be surprised with that revelation though.

https://apnews.com/article/google-reddit-ai-partnership-a7f131c7cb4225307134ef21d3c6a708


I am not a Reddit hater by any means, I just have a problem with an AI Service using that data as a model and then convey it to the user as being factual information. I also do not turn to Facebook or TikTok when looking for factual information. If I did I would have to believe that the earth is flat.

Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

How to investigate iCloud certificate trace logs?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up