You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

"Cannot verify server identity" message from mail, iOS 10.2.1

SInce upgrading to iOS 10.2.1, the mail app cannot send mail, returning a certificate error, "cannot verify server identity"


Previously, all I needed do was view the certificate details, then simply select "trust" to accept the certificate. This option is no longer available.


Apple support tried to tell me my provider (Dreamhost) must have changed setting so iOS would no longer allow me to trust their certificates. Really. That's what they said.


Now, imagine generating a server certificate. Then, further imagine setting it (if it were even possible), so that no client could trust and use it. That's what Apple Support suggested to me.


I've seen other complaints on the internets about this behavior with this iOS version.


Does anyone here know how to trust a mail certificate with iOS 10.2.1?

Posted on Jan 29, 2017 11:15 PM

Reply
Question marked as Top-ranking reply

Posted on Jan 30, 2017 8:14 AM

Listen, man. If you don't know how to solve the problem, let's wait for someone who does, shall we?


Remember how you said iOS had no option to trust a certificate? Take a look at that screenshot. Note the part highlighted in red on the top right corner.


User uploaded file


This option is no longer available after the iOS 10.2.1 update.


I haven't used a POP email server for probably a decade. Further, that article to which you linked is useless. It solved nothing.


I cannot send email because iOS 10.2.1 doesn't trust my hosting service's certificate, and the iOS no longer allows me to trust that certificate.

33 replies
Question marked as Top-ranking reply

Jan 30, 2017 8:14 AM in response to rbakelaar

Listen, man. If you don't know how to solve the problem, let's wait for someone who does, shall we?


Remember how you said iOS had no option to trust a certificate? Take a look at that screenshot. Note the part highlighted in red on the top right corner.


User uploaded file


This option is no longer available after the iOS 10.2.1 update.


I haven't used a POP email server for probably a decade. Further, that article to which you linked is useless. It solved nothing.


I cannot send email because iOS 10.2.1 doesn't trust my hosting service's certificate, and the iOS no longer allows me to trust that certificate.

Jan 31, 2017 1:23 PM in response to rbakelaar

In fact, I had already seen that article, and tried everything in it before posting here. It really is shockingly unhelpful to repeat what a quick search in the support pages returns.


I did remove and recreate the account with the problem, which did not solved nothing. That's what motivated me to try to ask here.


So far, Apple support has been of no use. They won't even admit to the problem. There is little wonder then, that their support articles are of no use to solve this problem. They actually suggested the same thing you did, that it was somehow my service provider that made the configuration change that caused this problem.


Well, I've bounced this off of the support engineers at Dreamhost. They made no changes. In fact, they wouldn't make changes to their PKI infrastructure based on some iOS firmware update that Apple decides to release. Using PKI server certificates to secure communications between clients and servers is an industry standard process which doesn't dance to Apple's tune. Furthermore, hosting services do actually provide services to other than Apple product users. So, no. This has never been the fault of my commercial hosting service.


Apple created this problem when they released iOS 10.2.1. They changed how iOS behaves regarding PKI certificates. Now, if no one here knows exactly what to do to reverse engineer their product to fix a problem they caused, fine. That's how it is.


Did you see the image I posted that clearly shows that it was once possible to choose to trust a certificate? Here's what iOS update 10.2.1 did to that dialog. Note the upper right corner. That is where the option to Trust a certificate once existed:


User uploaded file


Do you understand the problem now? This is a problem with how iOS handles SSL certificates, not with the certificates themselves.

Feb 3, 2017 10:13 AM in response to Boris Y

Thanks, Boris. I did get that suggestion from Dreamhost, and that was going to be my last resort.:


Here's what I discovered:


Simply deleting the email account that is using the offending outgoing mail server doesn't do the job. Since I have several email accounts, that outgoing mail server entry remains in iOS, available for those other email accounts to use.


What has to be done is to go to the outgoing mail server settings for another email account (after deleting the mail account that was using the failing outgoing mail server), and deleting the failing outgoing mail server entry from the list of outgoing mail servers. It isn't possible to delete the entry for the failing outgoing mail server if it is in use by any email account


It does nothing to delete the account that has the failing outgoing mail server, as suggested by the Apple support page, if you have more than one email account defined. As long as that entry exists in the outgoing email server list, iOS will not present the option to trust its certificate after the 10.2.1 update.


For us, I deleted all email accounts on our iPads that were hosted by Dreamhost, leaving my Google mail account. It was in the outgoing mail server list for the Google mail account where I was able to delete the failing outgoing mail server entries. Then, when I recreated those email accounts, I was able to accept the certificate as before the 10.2.1 update.

Jan 29, 2017 11:22 PM in response to Jesse Ohlsson

Hi Jesse,


What email domain are you using? Use https://www.apple.com/support/mail-settings-lookup/ to check your email's incoming and outgoing server settings. Then go to Settings > Mail > Accounts > Tap on your account > Then tap on your email at the top. Verify that incoming and outgoing mail server settings are correct. If that doesn't help use this article: If you can’t send or receive emails on your iPhone, iPad, or iPod touch

Jan 30, 2017 12:05 AM in response to Jesse Ohlsson

Like I said before follow my earlier post. Look up your email in the settings in the tool I gave you https://www.apple.com/support/mail-settings-lookup/ Then remove and re-add the account with those settings. Your account is most likely a pop account which is old technology. Update it to an imap account or get your email provider to do it for you. You simply said that you're having an issue with SENDING mail. Follow this article if you're having that issue: If you can’t send or receive emails on your iPhone, iPad, or iPod touch

Jan 29, 2017 11:39 PM in response to Jesse Ohlsson

There is no option to "trust" a certificate in iOS. iOS is not designed the same way that Mac OS is. That message you're getting is directly related to your email providers incoming and outgoing server settings. It's nothing to do with the certificate. If your incoming and outgoing server settings aren't working. It's an issue with your email account specifically. Account settings are updated along with software updates. So it is indeed possible they could've changed the settings to accommodate the update.

Jan 29, 2017 11:59 PM in response to rbakelaar

I've done it in iOS for years. My hosting service's certificate domain doesn't match my domain name, and it causes an error. Previously, all I needed do was view the certificatedetails, and choose to trust it.


To what settings are you referring? Apple Support said this same stuff. Settings. What, port number? That hasn't changed. Still works on my other iPad, that isn't running 10.2.1. What other settings can affect iOS refusing to trust a certificate?


IOS is getting the cert, it just won't let me trust it any more.


Right now, the only option I have is to shut off SSL. Oh, that's nice, isn't it? My email in transit in plaintext.

Jan 30, 2017 9:48 PM in response to Jesse Ohlsson

Exactly I wasn't trying to be rude but that's what I suggested to you. Brian is saying the same thing I was man. We're just trying to help you. If you don't want to take our suggestions. Then don't ask for them on here. I said you most likely have a pop account. I never said you did. Obviously it sounds like you didn't follow that article. Because at the bottom of it it tells you to remove and re-add the accounts. I'm a consumer and don't have a business email. So things will be different on my end then yours and not have certificates.

Feb 1, 2017 11:18 AM in response to rbakelaar

Of course I'd been through Apple' support process before I posted here. Who doesn't do that?


If their support staff were trained to support their product, we wouldn't be having this little discussion, would we?


So, since you are admittedly a consumer with no knowledge of server certificates and how client operating systems use them, what are you chiming in for?

Feb 2, 2017 5:05 PM in response to Jesse Ohlsson

Hi Jesse,

Another update, another casualty....... This is yet another case of Apple assuming you don't know what you're doing and "protecting" you from trusting a domain you possibly shouldn't - again, "possibly" is the key here, since as you know there are a lot of reasons why you might WANT to trust a valid certificate from a name that does not agree with the cert. I have a custom domain on Dreamhost and had the same problem.


Change your "outgoing mail server" for the account from mail.yourcustomdomain.com to homie.mail.dreamhost.com (Yes, that is a silly name, but you know Dreamhost) and the problem will go away without you having to delete anything.


You're not alone in your frustration - support and IOS in general are in a state of gradual decline for several years now. Apple is now in the business of pushing toys and fluff "features" while ignoring real issues, basically punishing you for trying to do "real work" with your devices. Formerly-working features are broken or removed without warning in almost every new update, but hey, think of the pretty balloons and all the new emoji you've got! Do a quick search for "apple core rot" to see a funny summary of the state of things (funny-sad, but at least good for a laugh).


Peace,

Boris

Mar 15, 2017 10:10 PM in response to Jesse Ohlsson

If you setup your email account in your iPhone/ipad manually, then go back to your host where you originally got all of that information, and verify it has not changed (incoming hostname, incoming port, outgoing hostname, outgoing port are the critical ones). My iPhone was giving this error all day, and it ended up that my host had most likely changed the client settings. Most hosting companies use a "cpanel", that is where your email client settings are. Or just contact your host.


I think my host was allowing me to use www.mywebsite.com for my incoming and outgoing server, but when I went to my "cpanel" and looked at the recommended client email settings, it was actually xxx.theirwebsite.biz. Once I changed that and updated a port that was wrong (had changed?), email started working again.


Bottom line, your host may have changed the email client settings you need.


I did not need to delete the account, I just needed to change the incoming and outgoing hosts.

Mar 16, 2017 9:21 AM in response to rluther

Nope.


This happened on one device. Only after an IOS update. The useless people at Apple tech support told me the same thing. Essentially, youremi plying that my email hosting service was just waiting for me to upgrade to the latest version of IOS, then changed the ports they were using. Which, of course, has NOTHING to do with a server certificate.


The the goal in solving this problem is to remove all instances of the cached server certficicate from the device having this problem. Then, when replacing that server, IOS will once again present the option to trust the server certificate.

"Cannot verify server identity" message from mail, iOS 10.2.1

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.