Select Page

2 proven ways to fix error “Cannot Verify Server Identity” in iPhone & iOS

Cannot Verify Server Identity” is a common error in iPhone and other iOS devices.

It means that iOS considers the mail server’s certificate is fake.

Here at Bobcares.com we see this error almost every day as part of our Outsourced Tech Support services, where we manage the tech support operations of web hosts, digital marketers, and more.

A typical error message looks like this:

Cannot Verify Server Identity - iPhone

Cannot Verify Server Identity – The identity of “mail.hostname.com” cannot be verified by Mail.

 

What is the error Cannot Verify Server Identity?

When an iPhone tries to connect to a mail server securely, it’ll fetch the server’s “SSL certificate” and check if it is reliable.

If it finds the certificate expired, or not matching the domain name, or not signed by a well known company, it’ll mark the cert as unreliable.

At that point the secure connection fails, and iPhone will show the error “Cannot Verify Server Identity“.

We see this error usually when:

  • The mail server’s certificate is changed (eg. new issuer), or
  • A new account is being setup in iPhone, or
  • After an account migration

 

What are the causes of Cannot Verify Server Identity error?

Of course, there are cases where this error is shown when the certificate is indeed bad (expired, wrong domain, etc.).

But we often see cases where valid certificates are also misclassified as fake by iPhone. The two major reasons we’ve seen are:

 

1. Mismatch between Domain name and Server name

Many hosting companies provide the mail server name as “mail.website-name.com”.

Whereas, the certificate of the mail server will be in the format “mail.server-name.com”.

When configuring iPhone users put in their mail server as “mail.website-name.com”, but when iPhone fetches the certificate, it sees the name “mail.server-name.com” printed in it.

iPhone plays safe, and marks the certificate as unreliable.

How we fix it

We fix it in three ways:

  • Change mail server name – In cases where the hosting customer has a VPS account, we change the mail server name to match the certificate name.
  • Fix mail configuration – If the hosting user is a Shared Hosting customer, we help them change iPhone’s mail server settings to use “mail.server-name.com” instead of “mail.website-name.com”.
  • Setup a free dedicated certificate – For VPS users who didn’t use a valid certificate (eg. self-signed certs are untrusted), we setup certificates from Let’s Encrypt, which is a valid CA that provides free SSLs.

 

2. “Bug” in iPhone & iOS

Apple uses pretty strong checks to ensure certificate security.

So, if there is no way to change the server’s certificate name, or the mail user’s MX name, the error will remain no matter what.

In the cases where this error comes up after a server certificate change, we help mail users to explicitly add the server’s SSL certificate to the “Trusted” list.

To do that,

  • Tap on the “Details” button shown in the error message.
  • And in the next screen, tap on the “Trust” link.

Cannot Verify Server Identity - iPhone - Trust certificate

How to fix it in iOS 10.x+

In the later versions of iPhone and iOS 10.x+, this option to add certificates to “Trusted” list is no longer available.

So, for such devices, we’ve found these steps to work:

  • Delete all mail accounts related to your domain.
    • Go to Settings –> Accounts & Password –> [Account Name] –> Delete Account.
  • Then delete all outgoing mail servers in settings.
  • Re-add the mail account(s).

This will provide the option to “Trust” the certificates again as described above.

 

Conclusion

“Cannot Verify Server Identity” error is caused by iPhone’s and iOS’s strict verification of mail server certificates. Today we’ve covered the top two causes for this error, and how our Dedicated Support Engineers fix this error.

 


PREVENT YOUR SERVER FROM CRASHING!

Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.

SEE SERVER ADMIN PLANS

Submit a Comment

Your email address will not be published. Required fields are marked *

Bobcares
Bobcares is a server management company that helps businesses deliver uninterrupted and secure online services. Our engineers manage close to 51,500 servers that include virtualized servers, cloud infrastructure, physical server clusters, and more.
MORE ABOUT BOBCARES

Privacy Preference Center

    Necessary

    Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

    PHPSESSID - Preserves user session state across page requests.

    gdpr[consent_types] - Used to store user consents.

    gdpr[allowed_cookies] - Used to store user allowed cookies.

    PHPSESSID, gdpr[consent_types], gdpr[allowed_cookies]
    PHPSESSID
    WHMCSpKDlPzh2chML

    Statistics

    Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

    _ga - Preserves user session state across page requests.

    _gat - Used by Google Analytics to throttle request rate

    _gid - Registers a unique ID that is used to generate statistical data on how you use the website.

    smartlookCookie - Used to collect user device and location information of the site visitors to improve the websites User Experience.

    _ga, _gat, _gid
    _ga, _gat, _gid
    smartlookCookie

    Marketing

    Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

    IDE - Used by Google DoubleClick to register and report the website user's actions after viewing or clicking one of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user.

    test_cookie - Used to check if the user's browser supports cookies.

    1P_JAR - Google cookie. These cookies are used to collect website statistics and track conversion rates.

    NID - Registers a unique ID that identifies a returning user's device. The ID is used for serving ads that are most relevant to the user.

    DV - Google ad personalisation

    IDE, test_cookie, 1P_JAR, NID, DV, NID
    IDE, test_cookie
    1P_JAR, NID, DV
    NID