Bobcares
Client Area
Emergency Support
Latest

“Cannot Verify Server Identity” in iPhone & iOS : Proven Fixes

by | Jan 31, 2020

“Cannot Verify Server Identity” is a common error in iPhone and other iOS devices. Here at Bobcares.com we see this error almost every day as part of our Outsourced Tech Support services, where we manage the tech support operations of web hosts, digital marketers, and more.

    1. What is the error Cannot Verify Server Identity?
    2. What are the causes of Cannot Verify Server Identity error?
    3. What are the solutions of Cannot Verify Server Identity error?
    4. Conclusion

    What is the error Cannot Verify Server Identity?

    A typical error message looks like this:

    cannot_verify_server_identity

    When an iPhone tries to connect to a mail server securely, it’ll fetch the server’s “SSL certificate” and check if it is reliable. If it finds the certificate expired, or not matching the domain name, or not signed by a well-known company, it’ll mark the cert as unreliable. At that point, the secure connection fails, and iPhone or the device will show the error “Cannot Verify Server Identity“.

    We see this error usually when:

        • The mail server’s certificate is changed (eg. new issuer), or
        • A new account is being setup in iPhone, or
        • After an account migration

    Unfortunately, the error can appear when using any mail servers. It even pops up with popular mail servers like eas.outlook.com, imap.gmail.com, etc. too.

    What are the causes of Cannot Verify Server Identity error?

    Of course, there are cases where this error is shown when the certificate is indeed bad (expired, wrong domain, etc.). But we often see cases where valid certificates are also misclassified as fake by iPhone. The two major reasons we’ve seen are:

    1. A mismatch between Domain name and Server name

    Many hosting companies provide the mail server name as “mail.website-name.com”. Whereas, the certificate of the mail server will be in the format “mail.server-name.com”. When configuring iPhone users put in their mail server as “mail.website-name.com”, but when iPhone fetches the certificate, it sees the name “mail.server-name.com” printed in it.

    iPhone plays safe and marks the certificate as unreliable.

    How we fix it

    We fix it in three ways:

        • Change mail server name – In cases where the hosting customer has a VPS account, we change the mail server name to match the certificate name.
        • Fix mail configuration – If the hosting user is a Shared Hosting customer, we help them change iPhone’s mail server settings to use “mail.server-name.com” instead of “mail.website-name.com”.
        • Setup a free dedicated certificate – For VPS users who didn’t use a valid certificate (eg. self-signed certs are untrusted), we setup certificates from Let’s Encrypt, which is a valid CA that provides free SSLs.

     

    2. “Bug” in iPhone & iOS

    Apple uses pretty strong checks to ensure certificate security. So, if there is no way to change the server’s certificate name or the mail user’s MX name, the error will remain no matter what. In the cases where this error comes up after a server certificate change, we help mail users to explicitly add the server’s SSL certificate to the “Trusted” list.

    To do that,

        • Tap on the “Details” button shown in the error message.
        • And in the next screen, tap on the “Trust” link.

    Cannot Verify Server Identity - iPhone - Trust certificate

    How to fix it in iOS 10.x+

    In the later versions of iPhone and iOS 10.x+, this option to add certificates to “Trusted” list is no longer available. So, for such devices, we’ve found these steps to work:

        • Delete all mail accounts related to your domain.
          • Go to Settings –> Accounts & Password –> [Account Name] –> Delete Account.
        • Then delete all outgoing mail servers in settings.
        • Re-add the mail account(s).

    This will provide the option to “Trust” the certificates again as described above.

    What are the solutions of Cannot Verify Server Identity error?

    1. Bonus: Changing SSL settings

    We are adding this tip from various feedbacks, and from our own experience in the past 2 years. In many cases disable SSL can also fix the error.

    The exact steps involve:
    – Open the Settings app and browse for Passwords & Accounts.
    – Tap the mail app that is causing problems.
    – Next, Select the registered Account.
    – Navigate to Advanced settings and disable the Use SSL feature.

    However, sending emails over non-secure methods can risk your data.

    2. Reinstall Outlook/Gmail mail server certificates

    Recently, when a customer reported the cannot verify server identity error in Outlook, our Dedicated Engineers fixed it by reinstalling the certificate.

    1. Users will receive Internet security warning with 3 options, Yes, No, View Certificate. Here, we click the View Certificate button.
    2. Then Click on Install Certificate.
    3. Next, we will see the import wizard. Leave Current user selected and click next.
    4. Choose “Automatically select the certificate store based on the type of certificate”.
    5. Click Finish.

     

    Conclusion

    “Cannot Verify Server Identity” error is caused by iPhone’s and iOS’s strict verification of mail server certificates. Today we’ve covered the top two causes for this error, and how our Support Engineers fix this error.

     

Related posts:

  1. cPanel email going to spam? Here’s how to fix it
  2. 451 DNS temporary failure- Rapid fix!
  3. DigitalOcean Sendmail | How To Setup?
  4. Postfix Error Address Resolver Failure: Troubleshoot

PREVENT YOUR SERVER FROM CRASHING!

Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.

SEE SERVER ADMIN PLANS

var google_conversion_label = "owonCMyG5nEQ0aD71QM"; #olark-wrapper .olark-launch-button,#olark-wrapper .olark-attention-grabber,#olark-wrapper .olark-attention-grabber-img,#olark-wrapper .olark-bounding-box { display: none !important; }

37 Comments

  1. Phil
    Phil on 2018-11-06 at 11:49

    Typical brute force method. You lose all emails!!!

    Reply
  2. rk
    rk on 2019-01-22 at 07:11

    it has not helped & now I can’t seem to reload my mail account…
    off to the apple store in hopes of help there-ugh!

    Reply
    • Sijin George
      Sijin George on 2020-04-20 at 12:24

      If you still have the error and need help, we’ll be happy to talk to you on chat (click on the icon at right-bottom).

      Reply
  3. Adnan
    Adnan on 2019-04-23 at 15:48

    Actually an easier way that works without having to delete anything is just do this :
    Go to Settings –> Accounts & Password –> [Account Name] –> under IMAP – click on the email than go to your SMTP server and click on it —> click on your primary server > check Off or On under SSL then will then give you the option again to trust this server and worked prefect for me … this is IOs 12.2

    Reply
    • Pieter
      Pieter on 2019-05-15 at 02:46

      Thxs it worked for me

      Reply
      • Barbara
        Barbara on 2019-05-27 at 02:53

        I tried this but I have iOS 12.3.1 which must’ve blocked your fix.

        Reply
        • Barbara
          Barbara on 2019-05-27 at 03:46

          I finally disabled the “Use SSL” feature and that did the trick.

          Reply
          • Susan D
            Susan D on 2019-08-29 at 17:05

            Thank you. This worked for me.

    • plitzau
      plitzau on 2019-06-29 at 11:19

      This didn’t work for me, but changing the name of the server, then changing it back worked.

      Reply
    • Dana
      Dana on 2019-12-08 at 03:11

      Thank you this worked

      Reply
    • Steve M
      Steve M on 2019-12-13 at 00:26

      On/off SSL worked for me also on the latest iOS. Started after I changed cellular carriers.

      Reply
    • Dani
      Dani on 2020-04-02 at 18:34

      This worked for me! Thank you

      Reply
    • moft
      moft on 2020-11-06 at 11:31

      thanks work fine : )

      Reply
    • Katrina
      Katrina on 2023-01-02 at 23:01

      In my iPhone XMax 16.1.1 there is no “Settings” and then “Accounts and passwords” section. Any way you can elaborate? Thanks!

      Reply
      • Hiba Razak
        Hiba Razak on 2023-01-10 at 15:17

        Hi,
        Our experts can help you with the issue.we will be happy to talk to you through our live chat(click on the icon at right-bottom).

        Reply
    • John
      John on 2023-02-15 at 22:02

      When I turn off the SSL, no option to Trust. When I turn back on, no option to Trust. IOs 16.2

      Reply
      • Hiba Razak
        Hiba Razak on 2023-03-16 at 16:14

        Hi John,
        Please contact our support through live chat(click on the icon at right-bottom).

        Reply
  4. T S
    T S on 2019-04-26 at 11:18

    This error started on my ipad this morning, my web host said they’ve been flooded with calls since yesterday because Apple just released a software update that added “mail.” to the beginning of all my server names. Entered airplane mode to stop the popups, scraped off Apple’s little gift and voila.

    Reply
    • BGN
      BGN on 2019-05-15 at 03:15

      Brilliant! Thank you!

      Reply
      • Barbara
        Barbara on 2019-05-27 at 02:50

        How do you scrape off Apple’s little gift (I assume you removed the word “mail”? This is driving me nuts. I can’t forward texts to my email.

        Reply
  5. Tim
    Tim on 2019-10-05 at 16:59

    worked for me!!! you guys Rock!!!!!!!!

    Reply
  6. P. Morris
    P. Morris on 2019-10-11 at 07:15

    I’m having the same problems with server certificate since I updated to 13.1.2 on my iPad Pro. In addition, in settings, passwords and accounts, all the info for accounts is grayed out so I can’t access any of that to fix the server certificate problem! Now what??? What causes the “grey out”” problem? I’ve never had trouble with updates before..

    Reply
    • Sijin George
      Sijin George on 2020-04-20 at 11:22

      Hello,
      This could be due to restrictions on your iPad. If you still have the error and need help, we’ll be happy to talk to you on chat (click on the icon at right-bottom).

      Reply
  7. Kevin
    Kevin on 2020-02-06 at 01:58

    When I hit the “details” button when the message pops up it just goes away. Also the identity is Apple.imap.mail.yahoo.com. Any suggestions? I also do not have the ability to turn off or on the use SSL option as it is greyed out. Thanks!

    Reply
    • Sijin George
      Sijin George on 2020-02-06 at 09:40

      Hello Kevin,
      The mail server appears to be wrong. Can you please add the correct email server name? Then SSL option should be active. If you still find problems, let us know. We’ll be happy to talk to you on chat (click on the icon at right-bottom).

      Reply
  8. Anish
    Anish on 2020-02-12 at 18:34

    Just turn off your phone and on it again……. i think it will work…..

    Reply
  9. Paul
    Paul on 2020-02-13 at 16:09

    Thanks!

    Reply
  10. Andy
    Andy on 2020-02-21 at 19:35

    been getting these all morning saying http://www.stxxxx.co can’t be verified, no idea who or what it is & any way of getting shot short of erasing all emails etc which is Apple’s usual go to method

    Reply
    • Sijin George
      Sijin George on 2020-04-18 at 09:29

      Hello Andy,
      Can you please confirm if the domain is valid? If you still have the error and need help, we’ll be happy to talk to you on chat (click on the icon at right-bottom).

      Reply
  11. Captain obvious
    Captain obvious on 2020-02-22 at 11:51

    For those that may miss the obvious, first check you’re on the internet by going to a browser and google something. In my case I had connected to a spectrum hot spot unknowingly and it needed authentication before connecting to internet. This will also cause certificate errors and all u need to do is authenticate or turn off WiFi

    Reply
    • Greg C
      Greg C on 2020-02-28 at 06:12

      This will also happen on a mis-configured network. One of my job sites is undergoing some kind of network reconfiguration, and I’m getting the above error for hotmail. As soon as I switch to my own mobile Wi-Fi, the problem goes away.

      Reply
  12. Patrick
    Patrick on 2020-06-23 at 14:12

    Thank you for your article.

    I still wasn’t able to fix the problem for mmy iPhone 6S. It runs on 13.5.1 just like my iPhone 8. On my iPhone 8 it works fine.

    I didn’t even have to re-add the mail account on my iPhone 8. When the certificate changed, I clicked on “Continue” and it worked fine.

    However, on my iPhone 6S (and on my colleagues iPhone X) I don’t have the option to click on “Continue”.

    I tried it with deleting all settings, with restarting the iPhone, with deleting the mail account etc.

    Do you have anymore suggestions how to fix the issue? 😉

    Best regards
    Patrick

    Reply
    • Sijin George
      Sijin George on 2020-07-15 at 14:43

      Hello Patrick,
      Can you please try modifying the SSL security settings of the problem account?

      Reply
  13. CHRISTOPHER RODGERS
    CHRISTOPHER RODGERS on 2021-02-09 at 01:14

    I was having this trouble myself, and after trying all the suggestions I had turned off my VPN and this error corrected itself, have not tried turning the vpn back on but so far no more issues.

    Reply
  14. Dwayne
    Dwayne on 2022-11-09 at 00:00

    I’ve finally found why I had this message, I tried everything, but it seemed to be an issue I had in my iCloud Calendar, on the Mac I could see that in the Calendar app on the left hand-side with an explanation mark. Sadly, the solution was to disable the account and start using Google Calendar.

    Reply
  15. Matthew
    Matthew on 2024-04-23 at 13:00

    My hunch is that free SSL certificates like Let’s Encrypt cause these problems. Would a paid SSL certificate resolve this issue?

    Reply
    • Hiba Razak
      Hiba Razak on 2024-05-13 at 15:41

      “Cannot Verify Server Identity” errors on iPhone and iOS devices can occur due to various reasons, not necessarily linked to free SSL certificates like Let’s Encrypt. While paid SSL certificates might offer additional features and support, resolving this specific issue often involves ensuring proper configuration of SSL certificates, including intermediate certificates, correct server settings, and valid domain configurations.
      If you still have the error and need help, we’ll be happy to talk to you on chat (click on the icon at right-bottom).

      Reply

Submit a Comment

Your email address will not be published. Required fields are marked *

server management

Spend time on your business, not on your servers.

TALK TO US

Or click here to learn more.

Related Articles

  1. cPanel email going to spam? Here’s how to fix it
  2. 451 DNS temporary failure- Rapid fix!
  3. DigitalOcean Sendmail | How To Setup?
  4. Postfix Error Address Resolver Failure: Troubleshoot

Never again lose customers to poor
server speed! Let us help you.

GET STARTED

Privacy Preference Center

Consent Management

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience.

Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

Privacy Policy

Required
By using this site, you agree to our Privacy Policy.

Necessary

Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

PHPSESSID - Preserves user session state across page requests.

gdpr[consent_types] - Used to store user consents.

gdpr[allowed_cookies] - Used to store user allowed cookies.

Cookies Used

Required
PHPSESSID, gdpr[consent_types], gdpr[allowed_cookies]

livechat.bobcares.com

Opt Out
PHPSESSID

my.bobcares.com

Opt Out
WHMCSpKDlPzh2chML

Statistics

Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

_ga - Preserves user session state across page requests.

_gat - Used by Google Analytics to throttle request rate

_gid - Registers a unique ID that is used to generate statistical data on how you use the website.

smartlookCookie - Used to collect user device and location information of the site visitors to improve the websites User Experience.

Cookies Used

_ga, _gat, _gid

google.com

Opt Out
_ga, _gat, _gid

manager.smartlook.com

Opt Out
smartlookCookie

clarity.microsoft.com

Opt Out
_clck, _clsk, CLID, ANONCHK, MR, MUID, SM

Marketing

Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

IDE - Used by Google DoubleClick to register and report the website user's actions after viewing or clicking one of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user.

test_cookie - Used to check if the user's browser supports cookies.

1P_JAR - Google cookie. These cookies are used to collect website statistics and track conversion rates.

NID - Registers a unique ID that identifies a returning user's device. The ID is used for serving ads that are most relevant to the user.

DV - Google ad personalisation

_reb2bgeo - The visitor's geographical location

_reb2bloaded - Whether or not the script loaded for the visitor

_reb2bref - The referring URL for the visit

_reb2bsessionID - The visitor's RB2B session ID

_reb2buid - The visitor's RB2B user ID

Cookies Used

IDE, test_cookie, 1P_JAR, NID, DV, NID

doubleclick.net

Opt Out
IDE, test_cookie

google.co.in

Opt Out
1P_JAR, NID, DV

google.com

Opt Out
NID

olark.com

Opt Out
hblid

rb2b.com

Opt Out
_reb2bgeo, _reb2bloaded, _reb2bref, _reb2bsessionID, _reb2buid

Security

These are essential site cookies, used by the google reCAPTCHA. These cookies use an unique identifier to verify if a visitor is human or a bot.

Cookies Used

SID, APISID, HSID, NID, PREF

google.com

Opt Out
SID, APISID, HSID, NID, PREF