When I was provisioning the User profile Synchronization service in SharePoint 2013, the UPS service started and stopped and identified the “ILM Certificate could not be created: Cert Step 2 could not create” in the Event Log.
Then tried the below fix and worked fine for me.
1. Log in to the SharePoint 2013 server
2. Start-> Run->MMC-> Add/Remove snap-in
3. In the left panel, Select certificate->select computer Account->Next and Finish
4. Expand the certificate tree in the left panel and remove “ForeFrontIdentityManager Certificates from the below three folder locations
b. Trusted Root Certification Authorities
c. Trusted People
5. Once you removed ForeFrontIdentityManager Certificates, then try re-provision the User profile synchronization service.