Bobcares

“Cannot Verify Server Identity” in iPhone & iOS : Proven Fixes

by | Jan 31, 2020

“Cannot Verify Server Identity” is a common error in iPhone and other iOS devices. Here at Bobcares.com we see this error almost every day as part of our Outsourced Tech Support services, where we manage the tech support operations of web hosts, digital marketers, and more.

    1. What is the error Cannot Verify Server Identity?
    2. What are the causes of Cannot Verify Server Identity error?
    3. What are the solutions of Cannot Verify Server Identity error?
    4. Conclusion

    What is the error Cannot Verify Server Identity?

    A typical error message looks like this:

    cannot_verify_server_identity

    When an iPhone tries to connect to a mail server securely, it’ll fetch the server’s “SSL certificate” and check if it is reliable. If it finds the certificate expired, or not matching the domain name, or not signed by a well-known company, it’ll mark the cert as unreliable. At that point, the secure connection fails, and iPhone or the device will show the error “Cannot Verify Server Identity“.

    We see this error usually when:

        • The mail server’s certificate is changed (eg. new issuer), or
        • A new account is being setup in iPhone, or
        • After an account migration

    Unfortunately, the error can appear when using any mail servers. It even pops up with popular mail servers like eas.outlook.com, imap.gmail.com, etc. too.

    What are the causes of Cannot Verify Server Identity error?

    Of course, there are cases where this error is shown when the certificate is indeed bad (expired, wrong domain, etc.). But we often see cases where valid certificates are also misclassified as fake by iPhone. The two major reasons we’ve seen are:

    1. A mismatch between Domain name and Server name

    Many hosting companies provide the mail server name as “mail.website-name.com”. Whereas, the certificate of the mail server will be in the format “mail.server-name.com”. When configuring iPhone users put in their mail server as “mail.website-name.com”, but when iPhone fetches the certificate, it sees the name “mail.server-name.com” printed in it.

    iPhone plays safe and marks the certificate as unreliable.

    How we fix it

    We fix it in three ways:

        • Change mail server name – In cases where the hosting customer has a VPS account, we change the mail server name to match the certificate name.
        • Fix mail configuration – If the hosting user is a Shared Hosting customer, we help them change iPhone’s mail server settings to use “mail.server-name.com” instead of “mail.website-name.com”.
        • Setup a free dedicated certificate – For VPS users who didn’t use a valid certificate (eg. self-signed certs are untrusted), we setup certificates from Let’s Encrypt, which is a valid CA that provides free SSLs.

     

    2. “Bug” in iPhone & iOS

    Apple uses pretty strong checks to ensure certificate security. So, if there is no way to change the server’s certificate name or the mail user’s MX name, the error will remain no matter what. In the cases where this error comes up after a server certificate change, we help mail users to explicitly add the server’s SSL certificate to the “Trusted” list.

    To do that,

        • Tap on the “Details” button shown in the error message.
        • And in the next screen, tap on the “Trust” link.

    Cannot Verify Server Identity - iPhone - Trust certificate

    How to fix it in iOS 10.x+

    In the later versions of iPhone and iOS 10.x+, this option to add certificates to “Trusted” list is no longer available. So, for such devices, we’ve found these steps to work:

        • Delete all mail accounts related to your domain.
          • Go to Settings –> Accounts & Password –> [Account Name] –> Delete Account.
        • Then delete all outgoing mail servers in settings.
        • Re-add the mail account(s).

    This will provide the option to “Trust” the certificates again as described above.

    What are the solutions of Cannot Verify Server Identity error?

    1. Bonus: Changing SSL settings

    We are adding this tip from various feedbacks, and from our own experience in the past 2 years. In many cases disable SSL can also fix the error.

    The exact steps involve:
    – Open the Settings app and browse for Passwords & Accounts.
    – Tap the mail app that is causing problems.
    – Next, Select the registered Account.
    – Navigate to Advanced settings and disable the Use SSL feature.

    However, sending emails over non-secure methods can risk your data.

    2. Reinstall Outlook/Gmail mail server certificates

    Recently, when a customer reported the cannot verify server identity error in Outlook, our Dedicated Engineers fixed it by reinstalling the certificate.

    1. Users will receive Internet security warning with 3 options, Yes, No, View Certificate. Here, we click the View Certificate button.
    2. Then Click on Install Certificate.
    3. Next, we will see the import wizard. Leave Current user selected and click next.
    4. Choose “Automatically select the certificate store based on the type of certificate”.
    5. Click Finish.

     

    Conclusion

    “Cannot Verify Server Identity” error is caused by iPhone’s and iOS’s strict verification of mail server certificates. Today we’ve covered the top two causes for this error, and how our Support Engineers fix this error.

     

PREVENT YOUR SERVER FROM CRASHING!

Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.

SEE SERVER ADMIN PLANS

var google_conversion_label = "owonCMyG5nEQ0aD71QM"; #olark-wrapper .olark-launch-button,#olark-wrapper .olark-attention-grabber,#olark-wrapper .olark-attention-grabber-img,#olark-wrapper .olark-bounding-box { display: none !important; }

37 Comments

  1. Phil

    Typical brute force method. You lose all emails!!!

    Reply
  2. rk

    it has not helped & now I can’t seem to reload my mail account…
    off to the apple store in hopes of help there-ugh!

    Reply
    • Sijin George

      If you still have the error and need help, we’ll be happy to talk to you on chat (click on the icon at right-bottom).

      Reply
  3. Adnan

    Actually an easier way that works without having to delete anything is just do this :
    Go to Settings –> Accounts & Password –> [Account Name] –> under IMAP – click on the email than go to your SMTP server and click on it —> click on your primary server > check Off or On under SSL then will then give you the option again to trust this server and worked prefect for me … this is IOs 12.2

    Reply
    • Pieter

      Thxs it worked for me

      Reply
      • Barbara

        I tried this but I have iOS 12.3.1 which must’ve blocked your fix.

        Reply
        • Barbara

          I finally disabled the “Use SSL” feature and that did the trick.

          Reply
          • Susan D

            Thank you. This worked for me.

    • plitzau

      This didn’t work for me, but changing the name of the server, then changing it back worked.

      Reply
    • Dana

      Thank you this worked

      Reply
    • Steve M

      On/off SSL worked for me also on the latest iOS. Started after I changed cellular carriers.

      Reply
    • Dani

      This worked for me! Thank you

      Reply
    • moft

      thanks work fine : )

      Reply
    • Katrina

      In my iPhone XMax 16.1.1 there is no “Settings” and then “Accounts and passwords” section. Any way you can elaborate? Thanks!

      Reply
      • Hiba Razak

        Hi,
        Our experts can help you with the issue.we will be happy to talk to you through our live chat(click on the icon at right-bottom).

        Reply
    • John

      When I turn off the SSL, no option to Trust. When I turn back on, no option to Trust. IOs 16.2

      Reply
      • Hiba Razak

        Hi John,
        Please contact our support through live chat(click on the icon at right-bottom).

        Reply
  4. T S

    This error started on my ipad this morning, my web host said they’ve been flooded with calls since yesterday because Apple just released a software update that added “mail.” to the beginning of all my server names. Entered airplane mode to stop the popups, scraped off Apple’s little gift and voila.

    Reply
    • BGN

      Brilliant! Thank you!

      Reply
      • Barbara

        How do you scrape off Apple’s little gift (I assume you removed the word “mail”? This is driving me nuts. I can’t forward texts to my email.

        Reply
  5. Tim

    worked for me!!! you guys Rock!!!!!!!!

    Reply
  6. P. Morris

    I’m having the same problems with server certificate since I updated to 13.1.2 on my iPad Pro. In addition, in settings, passwords and accounts, all the info for accounts is grayed out so I can’t access any of that to fix the server certificate problem! Now what??? What causes the “grey out”” problem? I’ve never had trouble with updates before..

    Reply
    • Sijin George

      Hello,
      This could be due to restrictions on your iPad. If you still have the error and need help, we’ll be happy to talk to you on chat (click on the icon at right-bottom).

      Reply
  7. Kevin

    When I hit the “details” button when the message pops up it just goes away. Also the identity is Apple.imap.mail.yahoo.com. Any suggestions? I also do not have the ability to turn off or on the use SSL option as it is greyed out. Thanks!

    Reply
    • Sijin George

      Hello Kevin,
      The mail server appears to be wrong. Can you please add the correct email server name? Then SSL option should be active. If you still find problems, let us know. We’ll be happy to talk to you on chat (click on the icon at right-bottom).

      Reply
  8. Anish

    Just turn off your phone and on it again……. i think it will work…..

    Reply
  9. Paul

    Thanks!

    Reply
  10. Andy

    been getting these all morning saying http://www.stxxxx.co can’t be verified, no idea who or what it is & any way of getting shot short of erasing all emails etc which is Apple’s usual go to method

    Reply
    • Sijin George

      Hello Andy,
      Can you please confirm if the domain is valid? If you still have the error and need help, we’ll be happy to talk to you on chat (click on the icon at right-bottom).

      Reply
  11. Captain obvious

    For those that may miss the obvious, first check you’re on the internet by going to a browser and google something. In my case I had connected to a spectrum hot spot unknowingly and it needed authentication before connecting to internet. This will also cause certificate errors and all u need to do is authenticate or turn off WiFi

    Reply
    • Greg C

      This will also happen on a mis-configured network. One of my job sites is undergoing some kind of network reconfiguration, and I’m getting the above error for hotmail. As soon as I switch to my own mobile Wi-Fi, the problem goes away.

      Reply
  12. Patrick

    Thank you for your article.

    I still wasn’t able to fix the problem for mmy iPhone 6S. It runs on 13.5.1 just like my iPhone 8. On my iPhone 8 it works fine.

    I didn’t even have to re-add the mail account on my iPhone 8. When the certificate changed, I clicked on “Continue” and it worked fine.

    However, on my iPhone 6S (and on my colleagues iPhone X) I don’t have the option to click on “Continue”.

    I tried it with deleting all settings, with restarting the iPhone, with deleting the mail account etc.

    Do you have anymore suggestions how to fix the issue? 😉

    Best regards
    Patrick

    Reply
    • Sijin George

      Hello Patrick,
      Can you please try modifying the SSL security settings of the problem account?

      Reply
  13. CHRISTOPHER RODGERS

    I was having this trouble myself, and after trying all the suggestions I had turned off my VPN and this error corrected itself, have not tried turning the vpn back on but so far no more issues.

    Reply
  14. Dwayne

    I’ve finally found why I had this message, I tried everything, but it seemed to be an issue I had in my iCloud Calendar, on the Mac I could see that in the Calendar app on the left hand-side with an explanation mark. Sadly, the solution was to disable the account and start using Google Calendar.

    Reply
  15. Matthew

    My hunch is that free SSL certificates like Let’s Encrypt cause these problems. Would a paid SSL certificate resolve this issue?

    Reply
    • Hiba Razak

      “Cannot Verify Server Identity” errors on iPhone and iOS devices can occur due to various reasons, not necessarily linked to free SSL certificates like Let’s Encrypt. While paid SSL certificates might offer additional features and support, resolving this specific issue often involves ensuring proper configuration of SSL certificates, including intermediate certificates, correct server settings, and valid domain configurations.
      If you still have the error and need help, we’ll be happy to talk to you on chat (click on the icon at right-bottom).

      Reply

Submit a Comment

Your email address will not be published. Required fields are marked *

Never again lose customers to poor
server speed! Let us help you.

Privacy Preference Center

Necessary

Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

PHPSESSID - Preserves user session state across page requests.

gdpr[consent_types] - Used to store user consents.

gdpr[allowed_cookies] - Used to store user allowed cookies.

PHPSESSID, gdpr[consent_types], gdpr[allowed_cookies]
PHPSESSID
WHMCSpKDlPzh2chML

Statistics

Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

_ga - Preserves user session state across page requests.

_gat - Used by Google Analytics to throttle request rate

_gid - Registers a unique ID that is used to generate statistical data on how you use the website.

smartlookCookie - Used to collect user device and location information of the site visitors to improve the websites User Experience.

_ga, _gat, _gid
_ga, _gat, _gid
smartlookCookie
_clck, _clsk, CLID, ANONCHK, MR, MUID, SM

Marketing

Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

IDE - Used by Google DoubleClick to register and report the website user's actions after viewing or clicking one of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user.

test_cookie - Used to check if the user's browser supports cookies.

1P_JAR - Google cookie. These cookies are used to collect website statistics and track conversion rates.

NID - Registers a unique ID that identifies a returning user's device. The ID is used for serving ads that are most relevant to the user.

DV - Google ad personalisation

_reb2bgeo - The visitor's geographical location

_reb2bloaded - Whether or not the script loaded for the visitor

_reb2bref - The referring URL for the visit

_reb2bsessionID - The visitor's RB2B session ID

_reb2buid - The visitor's RB2B user ID

IDE, test_cookie, 1P_JAR, NID, DV, NID
IDE, test_cookie
1P_JAR, NID, DV
NID
hblid
_reb2bgeo, _reb2bloaded, _reb2bref, _reb2bsessionID, _reb2buid

Security

These are essential site cookies, used by the google reCAPTCHA. These cookies use an unique identifier to verify if a visitor is human or a bot.

SID, APISID, HSID, NID, PREF
SID, APISID, HSID, NID, PREF