2 proven ways to fix error “Cannot Verify Server Identity” in iPhone & iOS
“Cannot Verify Server Identity” is a common error in iPhone and other iOS devices.
It means that device considers the mail server’s certificate is fake.
A typical error message looks like this:
What is the error Cannot Verify Server Identity?
When an iPhone tries to connect to a mail server securely, it’ll fetch the server’s “SSL certificate” and check if it is reliable.
If it finds the certificate expired, or not matching the domain name, or not signed by a well-known company, it’ll mark the cert as unreliable.
At that point, the secure connection fails, and iPhone or the device will show the error “Cannot Verify Server Identity“.
We see this error usually when:
- The mail server’s certificate is changed (eg. new issuer), or
- A new account is being setup in iPhone, or
- After an account migration
Unfortunately, the error can appear when using any mail servers. It even pops up with popular mail servers like eas.outlook.com, imap.gmail.com, etc. too.
What are the causes of Cannot Verify Server Identity error?
Of course, there are cases where this error is shown when the certificate is indeed bad (expired, wrong domain, etc.).
But we often see cases where valid certificates are also misclassified as fake by iPhone. The two major reasons we’ve seen are:
1. A mismatch between Domain name and Server name
Many hosting companies provide the mail server name as “mail.website-name.com”.
Whereas, the certificate of the mail server will be in the format “mail.server-name.com”.
When configuring iPhone users put in their mail server as “mail.website-name.com”, but when iPhone fetches the certificate, it sees the name “mail.server-name.com” printed in it.
iPhone plays safe and marks the certificate as unreliable.
How we fix it
We fix it in three ways:
- Change mail server name – In cases where the hosting customer has a VPS account, we change the mail server name to match the certificate name.
- Fix mail configuration – If the hosting user is a Shared Hosting customer, we help them change iPhone’s mail server settings to use “mail.server-name.com” instead of “mail.website-name.com”.
- Setup a free dedicated certificate – For VPS users who didn’t use a valid certificate (eg. self-signed certs are untrusted), we setup certificates from Let’s Encrypt, which is a valid CA that provides free SSLs.
2. “Bug” in iPhone & iOS
Apple uses pretty strong checks to ensure certificate security.
So, if there is no way to change the server’s certificate name or the mail user’s MX name, the error will remain no matter what.
In the cases where this error comes up after a server certificate change, we help mail users to explicitly add the server’s SSL certificate to the “Trusted” list.
To do that,
- Tap on the “Details” button shown in the error message.
- And in the next screen, tap on the “Trust” link.
How to fix it in iOS 10.x+
In the later versions of iPhone and iOS 10.x+, this option to add certificates to “Trusted” list is no longer available.
So, for such devices, we’ve found these steps to work:
- Delete all mail accounts related to your domain.
- Go to Settings –> Accounts & Password –> [Account Name] –> Delete Account.
- Then delete all outgoing mail servers in settings.
- Re-add the mail account(s).
This will provide the option to “Trust” the certificates again as described above.
Bonus: Changing SSL settings
We are adding this tip from various feedbacks, and from our own experience in the past 2 years.
In many cases disable SSL can also fix the error.
The exact steps involve:
– Open the Settings app and browse for Passwords & Accounts.
– Tap the mail app that is causing problems.
– Next, Select the registered Account.
– Navigate to Advanced settings and disable the Use SSL feature.
However, sending emails over non-secure methods can risk your data.
Reinstall Outlook/Gmail mail server certificates
Recently, when a customer reported the cannot verify server identity error in Outlook, our Dedicated Engineers fixed it by reinstalling the certificate.
1. Users will receive Internet security warning with 3 options, Yes, No, View Certificate. Here, we click the View Certificate button.
2. Then Click on Install Certificate.
3. Next, we will see the import wizard. Leave Current user selected and click next.
4. Choose “Automatically select the certificate store based on the type of certificate”.
5. Click Finish.
“Cannot Verify Server Identity” error is caused by iPhone’s and iOS’s strict verification of mail server certificates. Today we’ve covered the top two causes for this error, and how our Support Engineers fix this error.
Originally published on 15th Sep 2018. Updated on 31st Jan 2020