iPhone cannot verify server identity

If you're able to receive but not send mail, I can confirm that this is all related to a bug in the SMTP server settings stored on the device. Someone else mentioned a version of this solution earlier, but here's a step-by-step guide to how I finally cleared it up after a day of dangerously high blood pressure:

If you have more than one mail account, skip to step 2.

1. Only applicable if you have one mail account on your phone: Create a bogus mail account with fake settings. Just get it to be saved as a legit-looking account, and you should be OK.
2. Delete the problematic account.
3. In any other mail account, find where all your SMTP servers are listed (Account > SMTP).
4. The one from the problematic account should still be there. Tap on it to get the details, and hit Delete Server.
5. Make sure you don't have multiple listings for it. If you do, delete those, too.
6. Re-add the account you deleted. You should finally get the full Cannot Verify Server Identity dialog with Continue, Details, and Cancel.
7. Assuming you need to trust the certificate, hit Details. You should see the Trust option. Tap it!
8. You may need to repeat step 7 to cover both incoming and outgoing servers.
9. If you created a bogus account in step 1, be sure to delete it or Mail will get stuck on trying to get it to work.

This worked for me. I hope it works for you if you have the same problem I did.

Note: this fixes the issue of "cannot verify server identity" having no Continue/Details-Trust buttons when creating an Exchangemail account. This also assumes you have already reset your network information.This seems bonkers. Just go with me, I promise you.

Solution as of 03/09/2017 for EXCHANGE accounts:

- Mail -> Accounts -> Add New Account -> Exchange

- Type in random characters (like 'a') in the email address and password fields and click Continue

- Type in random characters in the email address, passwords, and username fields.

- TYPE IN YOUR CORRECT SERVER INFORMATION (ie: mail.domain.org)

- Click Next

- TADAH! Click Details -> Trust

- You will receive an error message saying invalid username/password; Change all other fields (domain, email address, username, password) to the correct credentials.

- Presto kablamo, you got yourself a working account.

My only thoughts as to why this is a thing is maybe IOS devices query the username/email/password information prior to asking the domain if it has a certificate.. Your domain will respond "Well, yes, this information is correct that you have provided me", and the IOS device will think WELL SUPER GOSH THANKS! and not hear the domain when it says "here's your certificate". In doing it the way above, the username/email/password information is incorrect, so the domain goes "Nope! But here's a cert" to which your device says, Well phooey. Hey thanks for the certificate Maybe they typed their info incorrectly?

shrug. This works.

I figured this out for a friend having the same issue.

What you can do is launch Safari and navigate to the https url of the server address.

Eg. https://my.server.com

You will be prompted with a security warning here and can press details then 'Trust' at the top right corner.

Close Safari and run through email wizard again (or just reenter password if account already saved) and you will again have the option to press continue for this server.

Today, I ran into the same issue with a co-worker of mine.

Somehow he couldn't setup his mail account on his iPhone, while it is running without any issues on mine.

On my iPhone i could select the Trust certificate option while creating the new Exchange account, while the Trust-option wasn't available on his phone.

At first I thought it might be the iOS version (10.2.1 vs 10.3), but I have the account running on my iPhone for over a year already.

The other difference was the WiFi being used: WEP-security on his phone and WPA2 security on mine.

After adding the SSID with WPA2 on his phone, and recreating the account, suddenly the Trust option was there as well.

This is confirmed in Certificate "Not Trusted" on iPhone.

Now it's running like a charm

I had the same problem when I restored my iPhone 6 backup to my new iphone X. The trust relationship needs reestablishing between the new device and the server certificate. I deleted my email account from the new phone and added it back again and this time clicked details when I received the certificate error and in the right hand top corner there is a TRUST option to click. This resolved it for me and hope it helps others. Its probably and Apple oversight as this option isn't available unless you add the email account again.

Dear brothers and sisters,...

This is most likely due to the fact that you messed with Date & Time settings and set Automate to OFF.....
Did you scramble with these settings and rewinded your iphone clock??...

I did this and the Google & iCloud server connections stopped.

Switching the Date & Time settings to Automate solved it for me.

Still occurring. Today the server SSL cerificate was reissued and my iPhone began to repeatedly and annoyingly give this warning. Yet, the Details show the certificate ‘Not trusted’, but with a valid date one year from today. A contradiction!

This following worked to fix this issue for me:

1. Settings > Accounts & Passwords > problem account > Account > Advanced > (incoming settings) Authentication

(Password was checked)

2. Change to NTLM

3. Navigate back until Done is visible. Press Done

4. Previous step immediately threw another alert. (server does not support NTLM) Press OK.

5. Navigate again to Authentication (#1 above) and change back to the original value. (Password)

6. Navigate back until Done is visible. Press Done (no error alert)

7. Switch to Mail and noticed the account was now able to check for mail with no error.

I had this problem and I solved it by going into:

- Settings

- Mail

- Accounts

- Select the problem account

- Tap on "Advanced"

- Then uncheck "Use SSL" in "incoming settings".

This is a solution for EXCHANGE accounts as of 2017.07.31, iOS 10.3.3.

You won't sacrifice your SSL. I am detailing genius2016's suggestion.

First, when using EXCHANGE accounts, iOS requires 4 things to register your account:

1. Email address: name.lastname@domain.com
2. Email password: 123456789
3. EXCHANGE user name: nlastname
4. Server (EXCHANGE IP): 000.000.000.00

You should now that regular registration process follows 3 screens or steps:

1. Checking if the service is available or exists
2. Checking your EXCHANGE account
3. Registering your email

Step A, you should employ your EXCHANGE account name (not an email account) to register (your email and user name could either be identical or different, check with your network administrator):

Instead of typing your email:

"name.lastname@domain.com"

Type your "user name" followed by "@" and your "IP" and proceed:

"nlastname@000.000.000.00"

On Step B, you employ the exchange user name ("nlastname@000.000.000.00") & your password.

This will give you an error message, "cannot verify server identity". Click on details, and you will see a new option on the upper right corner, "TRUST". Press that option, and your system will validate and accept the certificate. Then you can continue.

This will take you to the step C: You will enter your data as required (email in the email field, password on the password field, etc.).

My best regards.

-SQR

Hi guys

So real problem is when you have more than just on e-mail account on the server where you are getting cert issues.

Scenario

I have a more than one hundred mailboxes on the server wich recently updated its ssl cert.

Delete all of them and reconfigure again is not an option and Apple don't bother with their customers to much to fix old bug in their IOS so I tried this steps.

How I fix the problem.

1. Pick one from affected accounts and delete related SMTP server before you will delete that account.

2. Disable but not delete all accounts which are affected by ssl cert issues.

3. Readd account which you just delete and confirm trust to it by clicking details option from pop up window.

4. Enable all your previously disabled accounts.

DONE

This fix will works if you have mailboxes which are using the same outgoing SMTP server.

Hope the Apple will address this issues in their next IOS updates but unfortunately I'm getting more upset everyday with their everyday support.

Hope this help

Cheers,

Either that, or delete it just once, but do it correctly (deleting both the incoming and outgoing settings), reboot, and reinstall it.

Unless the problem is that the server certificate was out of date, and they eventually fixed it on their end.

Magic1950 wrote:

How did you fix your email server not trusted problem?

The easiest way is to delete the account, both incoming and SMTP servers, restart the phone, and add it back. As already described in this thread.

genius2016 has the solution here, at least until Apple notice and do something about it.

contoso.com below is a made up MS test name used in examples.

The underlying problem in our case is our Exchange server is https://mail.contoso.com and a first connection to our exchange will go to https://mail.contoso.com/autodiscover. Our server only has contoso.com, not mail.contoso.com on its list of accepted names, so the phone doubts the server. As explained ios users used to have an override button for this so we could look at the cert and determine it is ours actually, just missing the autodiscover name so we can accept it.

This has indeed disappeared in recent ios releases.

In my case Exchange 2010, I needed to enter my domain but it went through after that no problem.

I would recommend the unchecking your SSL option since your email will then be travelling enencrypted over the internet for all hackers to see.

Great fix genius2016, thanks for saving me a lot more time!

Apple has defied Einstein's insanity law. If you keep deleting and reinstalling the e- mail account, it will eventually accept it.

This is probably only a temporary solution. In my case the email service provider's certificate expired. When it is updated, it would be wise to select "Use SSL" on again.