iPhone cannot verify server identity

After upgrading to 10.2.1 our customers started having issues with SSL/TLS connections to our servers.

The above suggestions did not work for us. Scouring our server's mail log didn't help much; just saw the TLS disconnect in the log issued by the client.

Our certificate was created at StartSSL (StarCom), and it appears that StarCom root authority will no longer (or is no longer) supported by 10.2.1. Once we purchased a certificate elsewhere and installed it, the iPhone had no issues validating and connecting via TLS. (imap SSL port 143, smtp SSL port 587).

I should mention that Android, Thunderbird and Outlook 2010/2013 did not have issues with our certificate, nor did iOS 10.1.n. Any websites using certificates created at StarCom also worked fine (including Safari).

Well, I hope this helps someone else.

I have the same problem. Updated to iOS 10.1.1 Wednesday. Mail worked fine.

Then my service provider updated their certificate Friday and sinne then no go with mail. No way to accept the new certificate. There is nothing wrong in certificate itself - it is from accepted root provider in Apples list. An iPad with older iOS is fine with it. So this has to be a bug with current iOS.

I would really like to find a solution for this. Would hate to have to change for another phone because of broken mail.

Same problem here. "Cannot Verify Server Identity" and no button anywhere to hit accept or continue.

Used my server for years, never had a problem. Came today directly after I update to 10.1.1.

I was forced to update because my WIFI refused data coming through. At least wifi works again after the update.

PARTIALLY SOLVED: Problem started with iOS 10.1.1. I upgraded to 10.2 with no impact. Turning WIFI off and accessing mail via cellular on iPhone activates "continue" option, solving the issue for me. Problem did not reoccur when reactivating WIFI, seeming to solve the problem. I have the same problem on my iPad, (iOS 10.2). As I don't have cellular service, I have been unable to resolve this on the iPad.

This is an Apple bug. Not providing "Continue" option on "Cannot verify server identity" when connected via WIFI. Hope this solves the issue for all iOS devices with cellular service. Spread the word if this works for you.

Also experiencing this problem with my iPhone 6s with iOS 10.1.1 and 10.2, connecting to an IMAP server running Postfix and Dovecot and using TLS for both.

Problem began after updating SSL certificate issued by CAcert. Note that CAcert is not listed in the default iOS root certificates, but is installed as a Profile. This combination has always worked before.

I tried deleting the mail account, rebooting the iPhone 6s, and re-setting up the email account. No go with iOS 10.1.1. Updated to iOS 10.2 and repeated email account setup. Incoming server Cannot Verify Server Identity dialog did have the Continue button this time, but outgoing (SMTP) server only gives me Details and Cancel option, no Continue option.

Server log shows that a TLS connection was established, but it then times-out after a while, waiting on the iPhone...

Is there any way to get the outgoing server Cannot Verify Server Identity dialog to give a Continue option?

I had the same problem and found out that when I was on my wifi at home with Brighthouse networks I received these message. I turned off my wifi and the popups went away. I use 4 different email addresses and each mail server couldnt verify ssl certificate.

Yahoo want you to use their mail app, rather the IOS Mail. that way they can 'hang' the advertising at you on top of your inbox items. only way i could get my yahoo mails through IOS10.2. but i suspect its less about 10.2 and more about a change at Yahoo's side (data sec issues identified Dec 14 2016 notification)

Apple definitely has some things to work out with this issue. Not only do they no longer have the Continue button available (which basically just auto-switched it to non-SSL) but they no longer have a way to accept the certificate when you view the SSL certificate details. This all tends to be related to SMTP, not incoming (but can work for both).

The issue usually comes from misaligned certificates or using the wrong type of security protocol with that certificate.

Potential ways to fix the issue:

1. change the authentication type to password (I think it tries to default to MD5 or something) and make sure you are using the proper username and password

2. use the ISP's actual mail server name (many shared hosting services will tell you your mail domain is "mail.yourdomain.com" but it's not that way on the certificate - it's usually "mail.theISPdomain.com" on the certificate, so it cannot validate.) ... if you do switch to this, you definitely will require your full email address as the username

3. Turn off all SSL until Apple addresses the issue.

@APPLE : you need to either allow the ability to accept the SSL certificate that is available on the server, or to continue and auto-switch to non-SSL as before. You are not going to force ISPs (especially shared hosting environments) to buy a certificate for each domain and it's not feasible for them to order multi-domain certificate when they don't know what domains they will host on a daily basis. You need to follow some modicum of accepted IT networking principals.

@APPLE : While we are on the subject of email ... you also need to stop this anal requirement of inputting incoming and outgoing credentials separately. 99.9% of all mail services are combined and use the same settings for both. You are the only OS and mail client that still requires separate entry, which is really confusing for many people. You should still have an Advanced section where this can be adjusted in the off chance it is required, but for most you should just be setting everything in one swoop during setup. The notion of separate inbound and outbound servers hasn't been used in decades now, except in specialized environments. You also do not require "extra SMTP servers". That was a very old requirement when ISPs used to only let people on their own network use their mail service. That type of validation (again) hasn't been used in decades, especially with the mobile universe we are now living in.

This didn't work for me. Whether on wifi or cellular, I get the same error when attempting to send. Incoming mail is fine; works like it always did. Luckily I don't have this issue on my MacBook when using Outlook. Cant send with Mail app although it doesn't give the same error; just a generic can't send. This could be something else altogether though.

I used to get the warning and could continue. I think Apple is trying to protect us too much by taking that option away. Everything worked fine before the update as note in the various postings in the thread.

Well, I solved the problem -- I forked-over the money for a commercial certificate.

An uneccessary added cost for a small business, but it has the advantage of also working for migrating our web server to SSL...

Indeed, the only way two times in a row to make my mail live again – to remove mailbox from iOS. Then go to smtp severs in Outgoing Mail and remove that old smtp server, that have left after mailbox deletion. Especially easy it is if you have some deferent mailboxes.

You may reboot after it.

Then set up your box again.

It worked well for few people.

This is definitely a problem with iOS 10 and the iPhone 7.

I have the exact same email accounts on both my iPhone and my iPad. Both run the same version of iOS 10.2.1.

When my email certificates were updated by my email service (Dreamhost), I got the same untrusted error on both devices.

Under Details on my iPad, the Trust button appeared and worked fine.

Under Details on my iPhone, the Trust button is missing.

It appears that Apple forgot to include the Trust button on the iPhone.

Please Advise.

I had this Same Problem and what I kept doing was Deleting email and then adding back, but that didn't fix

So after a lot of trouble shooting this was what Solved it so I could get the Continue to be able to Trust Certificate

1st Delete the Email Account that's giving you Trouble

2nd Go back to Settings and then Mail then Click on Accounts then click on another email account that you have on there click on it then Outgoing Mail Server

After getting to the Outgoing Mail Server Click on the Email that you deleted in 1st step then Scoll down and

Delete the Server!

3rd and Last Re Add Email Account and the Contiue will pop up to Verify Server

If you need help feel free to message me

> Try by uncheck "Use SSL" in "outgoing"

> mail server. I did it, and the problem

> was solved now!!

But now your connection is not secure and your mail is sent in the open.

Also, if your mail server is properly secured, it won't let you log in without using SSL/TLS.

I started to have this problem after the updated to 10.2.1 I was reading the replies here but no one seems to be helpful to my issue since I already have updated the software, does anyone else continue to have the problem above?