Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

"Cannot verify server identity" message from mail, iOS 10.2.1

SInce upgrading to iOS 10.2.1, the mail app cannot send mail, returning a certificate error, "cannot verify server identity"

Previously, all I needed do was view the certificate details, then simply select "trust" to accept the certificate. This option is no longer available.

Apple support tried to tell me my provider (Dreamhost) must have changed setting so iOS would no longer allow me to trust their certificates. Really. That's what they said.

Now, imagine generating a server certificate. Then, further imagine setting it (if it were even possible), so that no client could trust and use it. That's what Apple Support suggested to me.

I've seen other complaints on the internets about this behavior with this iOS version.

Does anyone here know how to trust a mail certificate with iOS 10.2.1?

Posted on Jan 29, 2017 11:15 PM

Best reply

Jesse Ohlsson Author

Level 1

45 points

Posted on Jan 30, 2017 8:14 AM

Listen, man. If you don't know how to solve the problem, let's wait for someone who does, shall we?

Remember how you said iOS had no option to trust a certificate? Take a look at that screenshot. Note the part highlighted in red on the top right corner.

This option is no longer available after the iOS 10.2.1 update.

I haven't used a POP email server for probably a decade. Further, that article to which you linked is useless. It solved nothing.

I cannot send email because iOS 10.2.1 doesn't trust my hosting service's certificate, and the iOS no longer allows me to trust that certificate.

View in context

33 replies

rbm3

Level 1

4 points

Mar 28, 2017 9:36 PM in response to Jesse Ohlsson

I looked at many videos and posts on this mail issue.

this one actually works!!-

1st Delete the Email Account that's giving you Trouble

2nd Go back to Settings and then Mail then Click on Accounts then click on another email account that you have on there click on it then Outgoing Mail Server

After getting to the Outgoing Mail Server Click on the Email that you deleted in 1st step then Scoll down and

Delete the Server!

3rd and Last Re Add Email Account and the Contiue will pop up to Verify Server

Thanks to "bearbeaty" the Legend

rbm3

Level 1

4 points

Mar 28, 2017 9:42 PM in response to rbm3

btw If you don't have a 2nd email account you may need to create a dummy one (as I did) so you can get to the "Outgoing Mail Server" section (to delete the problem account).

This worked for both my iPhone (10.3) and iPad (10.0.2)

Apr 21, 2017 8:55 PM in response to Jesse Ohlsson

omg, I know some people are trying to be helpful here, but please just don't repeat the same stuff (particularly when it doesn't work!)

Anyway, the reason you're seeing these issues is the SSL certificate being issued by the mail server you're connecting to doesn't have a name embedded in it that matching the mail server you've configured in iOS. (Previously you could tell iOS to ignore this and drive on, which is essentially telling iOS to accept what could be a fake or counterfeit certificate, meaning someone could be intercepting or altering your communications between you and the server - hello NSA, unscrupulous ISP's)

When you get the error message, go into the detail screen, near the top will be a name or list of names (including wildcards) the certificate is valid for. The mail server name you configure into iOS must match that, else you'll get the error.

To give an example, because it's relevant here, people using custom domain names from Dreamhost (that don't use a private SSL certificate - you'll know if you have that / i.e. pay for it) will notice the details in the SSL certificate say it's valid for *.mail.dreamhost.com. This means the mail server name you configure in iOS must match this. At this point you probably need to go to your providers site to find out the exact name to use. Dreamhost users should look at the instructions here: https://help.dreamhost.com/hc/en-us/articles/214918038-Email-client-configuratio n-overview. It essentially tells you to go to the control panel and look at the "data centers" area under support. According to their instructions, if it says "homiemail-sub5", the servername ends up being sub5.mail.dreamhost.com. You'll need this for the incoming IMAP server name and the outgoing SMTP server name.

The alternatives are to turn off SSL (i.e. turn off encryption) so your mail, including password, goes over the entire internet in the clear (Not a good idea), or purchase an SSL certificate that has your custom domain name in it. (This is not worth the money or hassle)

Good luck!

May 1, 2017 9:11 AM in response to Briansyddall

Thank you, Briansyddall.

I had read a bunch of suggestions and spoke with the help desk at my ISP. I found your suggestion, deleted the troublesome account, reentered it and got the option to Trust the certificate. It worked as you said it would; first time.

Thank you.

Jul 5, 2017 1:19 AM in response to Boris Y

I had the same problem. Using iOS 10.3.2. I deleted the account and re entered the info. At the end the IPhone stated it did not trust the certificate and gave me the option to check details where I found the Trust box has appeared. Ticked that and now I can receive emails.

Jul 30, 2017 5:01 PM in response to Jesse Ohlsson

Jesse, I agree... this is a stupid idea by apple built for stupid users. They are going the microsoft way of not allowing users to have any level of intelligence. The fact that you have to remove the accounts to fix this rather than being allowed to accept a new certificate is nanny state crap.

pillguy

Level 4

1,339 points

Aug 9, 2017 6:02 PM in response to Jesse Ohlsson

Just fixed this on my iPad. First, open the account in question. View the SMTP server settings and note the smtp server that is set to ON (this should be the offending Server account causing the cert rejection). Now delete this entire mail account. Go into one of your other mail accounts and click on the smtp servers. YOu should now be able to delete the offending smtp server. If you cannot delete it, it means you have that server as the default on some other mail account. Look at each of your accounts and ensure the offending smtp server is NOT the default account. Once you do this, you can then delete the offending smtp account from any one of your other email accounts. You will see a "Delete Server" button at the bottom of that account when you open it. Then add the entire mail account back, and you will get the cert that can be Trusted (button reappears). If you need help please reply.

xen007

Level 1

4 points

Oct 3, 2017 11:29 AM in response to Jesse Ohlsson

Just check in the details of the certificate the date frame of it's validity and manually choose an earlier date on your iPad, iPhone etc. then try to install your email again and magically the trust button will appear.

Then again, return your device to the current date and everything will be ok.

bebopple

Level 1

16 points

Nov 13, 2017 12:03 PM in response to xen007

My problem seems to be a little different. I do have 2 email accounts - 1 is my applemail (.mac) account. And the other is my regular email. Im having the same problems described by others but when I go to my .mac avcount to delete the servers in my regular account - there are none. I think Apple hides the servers so that we cant go there and chanfe anything.

So what this comes down to is I cannof get rid of the servers which are screwing up my email :(

Any knowledge out there - would be appreciated.

Bob

bebopple

Level 1

16 points

Nov 13, 2017 8:21 PM in response to xen007

Update - my problem in deleting the servers and email account was that I had a profile installed ny MediaTemple on another occasion when I was having other “email issues.” Deleting the profile accessed the delete account button. After all this my email still does not send on iphone or ipad - and its fine on my mac. The new culprit according to iOS is that the recipient’s email address was rejected by the server.