iPhone cannot verify server identity

We started having this issue recently and none of the steps i saw worked. Maybe because the email setup is different. one major factor is that the phone did not give you the option to trust or accept the untrusted certificate. We are connecting via SSL, to our exchange server. Issue i used to resolve it was on the mobile config file i enabled untrusted TLS accepting(this was initially disabled) . i then exported our exchange cert and added to the mobile config. exchange was able to sync after reinstalling and users were able to accept the certificate.

guess a FYI who may still have issues since i had to spend a weekend playing around with the phone and certification issue. phones were using version 10.2.1

We started having this issue recently and none of the steps i saw worked. Maybe because the email setup is different. one major factor is that the phone did not give you the option to trust or accept the untrusted certificate. We are connecting via SSL, to our exchange server. Issue i used to resolve it was on the mobile config file i enabled untrusted TLS accepting(this was initially disabled) . i then exported our exchange cert and added to the mobile config. exchange was able to sync after reinstalling and users were able to accept the certificate.

guess a FYI who may still have issues since i had to spend a weekend playing around with the phone and certification issue. phones were using version 10.2.1

I had this Same Problem and what I kept doing was Deleting email and then adding back, but that didn't fix

So after a lot of trouble shooting this was what Solved it so I could get the Continue to be able to Trust Certificate

1st Delete the Email Account that's giving you Trouble

2nd Go back to Settings and then Mail then Click on Accounts then click on another email account that you have on there click on it then Outgoing Mail Server

After getting to the Outgoing Mail Server Click on the Email that you deleted in 1st step then Scoll down and

Delete the Server!

3rd and Last Re Add Email Account and the Contiue will pop up to Verify Server

If you need help feel free to message me

Have no fear. i found the solution after Googling here and there. God might not help you with your problems but Google does!

Anyway, hereby the solutions:

I did the last. Click off SSL and then done and all my e-mails came in!!! You're welcome!🙂😎

IOS 10.1.1 -- Mail settings are IMAP, SSL is off. Clicking on "More Details" brings up a screen with tons of info but -- unlike my desktop Mac -- no checkbox to allow Trusting.

Knox 11 Points 2016-12-08 5:27 pm EST

Alexander_the_Great wrote:

Have no fear. i found the solution after Googling here and there. God might not help you with your problems but Google does!

Anyway, hereby the solutions:

I did the last. Click off SSL and then done and all my e-mails came in!!! You're welcome!🙂😎

Right. And by clicking off SSL that means that all of your emails are now readable by anyone sharing an unsecured network at the same time you are (such as Starbucks, or any network that does not have a lock symbol next to it when viewing WiFi networks).

Thanks bearbeaty, that did the trick. It seems that you have discovered a bug in at least in iOS 10.3.1, which I can confirm as being prone to this problem. iOS 10.3.1 on my friend's iPhone 6+ does not delete the outgoing server configuration when deleting the email account. And when adding the same account back to iOS, it does not properly overwrite the previously configured outgoing configuration and update the SSL certificate. By separately deleting the outgoing configuration as you have described, a new certificate can be saved to the account configuration thus solving the issues we have been having with SSL certificates not being accepted.

rezolution studios wrote:

Thanks bearbeaty, that did the trick. It seems that you have discovered a bug in at least in iOS 10.3.1, which I can confirm as being prone to this problem. iOS 10.3.1 on my friend's iPhone 6+ does not delete the outgoing server configuration when deleting the email account. And when adding the same account back to iOS, it does not properly overwrite the previously configured outgoing configuration and update the SSL certificate. By separately deleting the outgoing configuration as you have described, a new certificate can be saved to the account configuration thus solving the issues we have been having with SSL certificates not being accepted.

It's not a bug in 10.3.1; it is a feature that has been in every version of iOS for 10 years (as well as almost all computer email clients in Windows, Mac, and Linux). Outgoing servers are managed independently of incoming for good reason; it is common for SMTP servers to be used for multiple accounts, so if you delete an incoming server and it automatically deleted the outgoing server that was associated that could screw up other email accounts. For example, I have 3 email accounts that use the same SMTP server because they are hosted by the same ISP.

The exceptions are fully integrated email solutions, most notably Microsoft Exchange and iCloud. These don't have separate SMTP servers, as the same server handles both incoming and outgoing traffic.

You misunderstood. The bug is that iOS 10.3.1 is not allowing the normal update/replacement of expired SSL certificates in the SMTP config. You shouldn't need to scrub the outgoing server config and re-enter all info to utilize a new cert. In previous versions of iOS and in Mac OS, etc., when a cert expires you can click on "details" or "continue" and get to a screen where you can accept/trust the new cert. This is not the case in the bug reported here. Just re-entering and re-validating SMTP server settings also does not work unless you first specifically delete both the main account config with your incoming/IMAP settings and then also delete the SMTP config. Yes, outgoing email configurations are not always deleted when the associated IMAP account is deleted because the outgoing config could be in use with other accounts, iOS, however, makes this less clear because if the way in which it organizes each account and how it buries these settings within its menu system.

Thank you so much for this!

I've spent over an hour deleting & re-entering my wife's email address details to try to get 'continue' to come up (names.co.uk / hosts.co.uk domain email smtp) - to the point where I'm sick of typing my wife's name!

I ended up adding my email account to her phone, deleting her email account off the phone, then navigating to the outgoing server settings where HER outgoing server was still in the SMTP list. Deleted it, re-added the account and presto a prompt over the certificate with 'Continue'. All sorted.

@APPLE: Why is the outgoing server information held onto even if the email account is deleted? Why can't this information be viewed and the outgoing server deleted manually WITHOUT having to add another email account to the device?

Thank you, thank you, thank you and a thousand of thanks. I had this problem and I was 2 weeks testing everything with no luck until I saw your post. I did it as you said and perfect!!, it works!!.

Thank you genius2016.

So this happened to me after I upgraded my web server. This message is telling you Mail can't authenticate using the information you have provided to the app. If this happened suddenly, most likely there was a change in the mail server you are logging into and you have to correct the mail account settings on your device, but first you have to figure out what changed on the mail server you are using.

In my case, the old mail server would serve SSL and regular mail through the same subdomain - mail.domainname.com - using different ports. On the upgraded server, only regular mail was delivered through mail.domainname.com, and secure mail using another subdomain name on the server host (i.e. securemail.domainname.com).

The account that was throwing the error was on ssl, so my choice was to reconfigure the mail server to serve mail through the same subdomain - mail.domainname.com - on different ports, or change the outgoing/incoming mail server names on the iphone device to reflect the new setup (securemail.domainname.com). I tried changing the settings on the iphone device first, which worked.

Eventually, I configured the new mail server to my liking, but that's a benefit of managing your own mail server.

glostah, the solution has been found by bearbeaty. The problem is that iOS 10.3.1 does not properly update SSL certificates as it should. SSL certs (which allow encrypted connections to email servers) regularly expire and need to be replaced, leading to this issue. As bearbeaty found, you will need to delete the account on iOS and then also delete the SMTP configuration that contained the certificate; then re-add the account and the new certificate can then be accepted.

Started from the top and have read through the whole thread - none of the workarounds worked out for me. At the moment, when re-adding the Exchange account, the pop-up which says "Cannot verify server identity" does not appear anymore (because I previously pressed on "Continue", I assume).

The account still does not sync - same when I switch off "Use SSL".

If the warning does not appear your problem is most likely unrelated to the certificate. Check with the Exchange administrator.

Also to check: Go to Settings/General and look for Profiles. It will either be listed as Profiles, or as Device Management. If there is a profile for the account try deleting it and deleting the Exchange account, and start over.

Hi Lawrence, and thank you for your quick reply.

Well, I think my problem was related to the certificate bug - all symptoms mentioned in this thread did apply to my problem. When I switched off WiFi, I was able to press the "Continue" button; since then, the message disappeared.

And I have none profiles installed - already checked this.

But, shame on me: Never tried the classic "Have you already rebooted your device?"-advice. Because after a restart, my account is working like a charm again...