Need Help?

Our experts will login to your server within 30 minutes to fix urgent issues.

We will keep your servers stable, secure and fast at all times for one fixed price.

Call Us! 1-800-383-5193
Call Us! 1-800-383-5193

Need Help?

Our experts will login to your server within 30 minutes to fix urgent issues.

We will keep your servers stable, secure and fast at all times for one fixed price.

2 proven ways to fix error “Cannot Verify Server Identity” in iPhone & iOS

Cannot Verify Server Identity” is a common error in iPhone and other iOS devices.

It means that device considers the mail server’s certificate is fake.

Here at Bobcares.com we see this error almost every day as part of our Outsourced Tech Support services, where we manage the tech support operations of web hosts, digital marketers, and more.

A typical error message looks like this:

cannot_verify_server_identity

What is the error Cannot Verify Server Identity?

When an iPhone tries to connect to a mail server securely, it’ll fetch the server’s “SSL certificate” and check if it is reliable.

If it finds the certificate expired, or not matching the domain name, or not signed by a well-known company, it’ll mark the cert as unreliable.

At that point, the secure connection fails, and iPhone or the device will show the error “Cannot Verify Server Identity“.

We see this error usually when:

  • The mail server’s certificate is changed (eg. new issuer), or
  • A new account is being setup in iPhone, or
  • After an account migration

Unfortunately, the error can appear when using any mail servers. It even pops up with popular mail servers like eas.outlook.com, imap.gmail.com, etc. too.

 

What are the causes of Cannot Verify Server Identity error?

Of course, there are cases where this error is shown when the certificate is indeed bad (expired, wrong domain, etc.).

But we often see cases where valid certificates are also misclassified as fake by iPhone. The two major reasons we’ve seen are:

 

1. A mismatch between Domain name and Server name

Many hosting companies provide the mail server name as “mail.website-name.com”.

Whereas, the certificate of the mail server will be in the format “mail.server-name.com”.

When configuring iPhone users put in their mail server as “mail.website-name.com”, but when iPhone fetches the certificate, it sees the name “mail.server-name.com” printed in it.

iPhone plays safe and marks the certificate as unreliable.

How we fix it

We fix it in three ways:

  • Change mail server name – In cases where the hosting customer has a VPS account, we change the mail server name to match the certificate name.
  • Fix mail configuration – If the hosting user is a Shared Hosting customer, we help them change iPhone’s mail server settings to use “mail.server-name.com” instead of “mail.website-name.com”.
  • Setup a free dedicated certificate – For VPS users who didn’t use a valid certificate (eg. self-signed certs are untrusted), we setup certificates from Let’s Encrypt, which is a valid CA that provides free SSLs.

 

2. “Bug” in iPhone & iOS

Apple uses pretty strong checks to ensure certificate security.

So, if there is no way to change the server’s certificate name or the mail user’s MX name, the error will remain no matter what.

In the cases where this error comes up after a server certificate change, we help mail users to explicitly add the server’s SSL certificate to the “Trusted” list.

To do that,

  • Tap on the “Details” button shown in the error message.
  • And in the next screen, tap on the “Trust” link.

Cannot Verify Server Identity - iPhone - Trust certificate

How to fix it in iOS 10.x+

In the later versions of iPhone and iOS 10.x+, this option to add certificates to “Trusted” list is no longer available.

So, for such devices, we’ve found these steps to work:

  • Delete all mail accounts related to your domain.
    • Go to Settings –> Accounts & Password –> [Account Name] –> Delete Account.
  • Then delete all outgoing mail servers in settings.
  • Re-add the mail account(s).

This will provide the option to “Trust” the certificates again as described above.

 

Bonus: Changing SSL settings

We are adding this tip from various feedbacks, and from our own experience in the past 2 years.

In many cases disable SSL can also fix the error.

The exact steps involve:
– Open the Settings app and browse for Passwords & Accounts.
– Tap the mail app that is causing problems.
– Next, Select the registered Account.
– Navigate to Advanced settings and disable the Use SSL feature.

However, sending emails over non-secure methods can risk your data.

 

Reinstall Outlook/Gmail mail server certificates

Recently, when a customer reported the cannot verify server identity error in Outlook, our Dedicated Engineers fixed it by reinstalling the certificate.

1. Users will receive Internet security warning with 3 options, Yes, No, View Certificate. Here, we click the View Certificate button.
2. Then Click on Install Certificate.
3. Next, we will see the import wizard. Leave Current user selected and click next.
4. Choose “Automatically select the certificate store based on the type of certificate”.
5. Click Finish.

 

Conclusion

“Cannot Verify Server Identity” error is caused by iPhone’s and iOS’s strict verification of mail server certificates. Today we’ve covered the top two causes for this error, and how our Support Engineers fix this error.

 

Originally published on 15th Sep 2018. Updated on 31st Jan 2020


PREVENT YOUR SERVER FROM CRASHING!

Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.

SEE SERVER ADMIN PLANS

Latest

16 Comments

  1. Typical brute force method. You lose all emails!!!

    Reply
  2. Actually an easier way that works without having to delete anything is just do this :
    Go to Settings –> Accounts & Password –> [Account Name] –> under IMAP – click on the email than go to your SMTP server and click on it —> click on your primary server > check Off or On under SSL then will then give you the option again to trust this server and worked prefect for me … this is IOs 12.2

    Reply
    • Thxs it worked for me

      Reply
      • I tried this but I have iOS 12.3.1 which must’ve blocked your fix.

        Reply
        • I finally disabled the “Use SSL” feature and that did the trick.

          Reply
          • Thank you. This worked for me.

    • This didn’t work for me, but changing the name of the server, then changing it back worked.

      Reply
  3. This error started on my ipad this morning, my web host said they’ve been flooded with calls since yesterday because Apple just released a software update that added “mail.” to the beginning of all my server names. Entered airplane mode to stop the popups, scraped off Apple’s little gift and voila.

    Reply
    • Brilliant! Thank you!

      Reply
      • How do you scrape off Apple’s little gift (I assume you removed the word “mail”? This is driving me nuts. I can’t forward texts to my email.

        Reply
  4. worked for me!!! you guys Rock!!!!!!!!

    Reply
  5. When I hit the “details” button when the message pops up it just goes away. Also the identity is Apple.imap.mail.yahoo.com. Any suggestions? I also do not have the ability to turn off or on the use SSL option as it is greyed out. Thanks!

    Reply
    • Hello Kevin,
      The mail server appears to be wrong. Can you please add the correct email server name? Then SSL option should be active. If you still find problems, let us know. We’ll be happy to talk to you on chat (click on the icon at right-bottom).

      Reply
  6. Thanks!

    Reply
  7. For those that may miss the obvious, first check you’re on the internet by going to a browser and google something. In my case I had connected to a spectrum hot spot unknowingly and it needed authentication before connecting to internet. This will also cause certificate errors and all u need to do is authenticate or turn off WiFi

    Reply
    • This will also happen on a mis-configured network. One of my job sites is undergoing some kind of network reconfiguration, and I’m getting the above error for hotmail. As soon as I switch to my own mobile Wi-Fi, the problem goes away.

      Reply

Submit a Comment

Your email address will not be published. Required fields are marked *

Privacy Preference Center

Necessary

Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

PHPSESSID - Preserves user session state across page requests.

gdpr[consent_types] - Used to store user consents.

gdpr[allowed_cookies] - Used to store user allowed cookies.

PHPSESSID, gdpr[consent_types], gdpr[allowed_cookies]
PHPSESSID
WHMCSpKDlPzh2chML

Statistics

Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

_ga - Preserves user session state across page requests.

_gat - Used by Google Analytics to throttle request rate

_gid - Registers a unique ID that is used to generate statistical data on how you use the website.

smartlookCookie - Used to collect user device and location information of the site visitors to improve the websites User Experience.

_ga, _gat, _gid
_ga, _gat, _gid
smartlookCookie

Marketing

Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

IDE - Used by Google DoubleClick to register and report the website user's actions after viewing or clicking one of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user.

test_cookie - Used to check if the user's browser supports cookies.

1P_JAR - Google cookie. These cookies are used to collect website statistics and track conversion rates.

NID - Registers a unique ID that identifies a returning user's device. The ID is used for serving ads that are most relevant to the user.

DV - Google ad personalisation

IDE, test_cookie, 1P_JAR, NID, DV, NID
IDE, test_cookie
1P_JAR, NID, DV
NID
hblid

Security

These are essential site cookies, used by the google reCAPTCHA. These cookies use an unique identifier to verify if a visitor is human or a bot.

SID, APISID, HSID, NID, PREF
SID, APISID, HSID, NID, PREF