How to fix “cannot verify server identity” error

Overview

The “Cannot Verify Server Identity” error typically occurs when an email or web service cannot validate the SSL/TLS certificate of the server it is trying to connect to. This can be caused by an expired, mismatched, or improperly configured certificate. The error is commonly seen in iOS devices, macOS Mail, Outlook, and other email clients when accessing IMAP, SMTP, or Exchange servers.

This guide will cover:

• Why this error occurs

• Step-by-step troubleshooting methods

• Advanced fixes for server administrators

• Best practices to prevent future SSL/TLS issues

Why Does the “Cannot Verify Server Identity” Error Occur?

When a device or application connects to a server using SSL/TLS encryption, it verifies the certificate presented by the server. The error occurs when:

1. The SSL certificate has expired – Certificates have a set validity period, and an expired certificate is considered invalid.

2. The certificate is self-signed – Many devices reject self-signed certificates by default.

3. The domain name does not match the certificate – The Common Name (CN) or Subject Alternative Name (SAN) on the certificate must match the server address.

4. The certificate is not issued by a trusted Certificate Authority (CA) – Some CAs may not be recognized by the operating system or browser.

5. Network-related issues – Captive portals (e.g., public Wi-Fi) may interfere with certificate validation.

6. Email client settings are incorrect – A misconfigured mail server, outdated configurations, or incorrect hostname settings can trigger the error.

How to Fix the “Cannot Verify Server Identity” Error

1. Restart Your Device and Internet Connection

Before making any changes, restart your device and reset your network connection to rule out temporary glitches.

For iOS/iPadOS/macOS Users:

1. Close Mail app – Double-click the home button (or swipe up) and close the app.

2. Restart your iPhone, iPad, or Mac.

3. Reconnect to a stable Wi-Fi or mobile network.

For Windows & Android Users:

1. Close your email client (Outlook, Thunderbird, etc.).

2. Restart your device.

3. Try switching between Wi-Fi and mobile data.

2. Check the SSL Certificate on the Server

If you are an administrator, verify the SSL certificate status.

To check the certificate manually:

1. Open a browser and visit: https://yourmailserver.com

2. Click the padlock icon in the address bar.

3. Check if the certificate is valid, expired, or mismatched.

If the certificate is expired or not issued by a trusted CA, you need to renew or replace the certificate.

3. Update Email Settings on Your Device

If your email client has outdated settings, manually update them:

For iPhone/iPad (iOS Mail App)

1. Go to Settings > Mail > Accounts.

2. Select your email account and tap Account Settings.

3. Verify the Incoming Mail Server (IMAP/POP3) and Outgoing SMTP server settings.

4. Ensure the hostname matches the SSL certificate (e.g., mail.example.com).

5. Enable SSL/TLS and use the correct ports:

   • IMAP: Port 993 with SSL

   • POP3: Port 995 with SSL

   • SMTP: Port 465 or 587 with SSL/TLS

For Outlook (Windows/macOS)

1. Open Outlook and go to File > Account Settings.

2. Select the affected email account and click Change.

3. Ensure the incoming and outgoing servers match the SSL certificate.

4. Check the Advanced settings and update port numbers as needed.

4. Remove and Re-add the Email Account

If the error persists, remove the email account and reconfigure it:

On iPhone/iPad:

1. Go to Settings > Mail > Accounts.

2. Select the problematic account and tap Delete Account.

3. Restart your device and re-add the account with the correct settings.

On Windows/macOS:

1. Open your email client and navigate to Account Settings.

2. Remove the affected account and restart your device.

3. Add the account again with the correct server details.

5. Reset Network Settings (iOS & Android)

If the issue is related to cached network settings, resetting them may help:

On iPhone/iPad:

1. Go to Settings > General > Reset.

2. Tap Reset Network Settings.

On Android:

1. Go to Settings > System > Reset options.

2. Tap Reset Wi-Fi, mobile & Bluetooth.

6. Use a Trusted SSL Certificate (For Server Admins)

If you manage the mail server, ensure the SSL certificate is properly installed:

For cPanel Users:

1. Log in to cPanel and go to SSL/TLS > Manage SSL Sites.

2. Verify that the correct certificate is installed.

3. If needed, install a new certificate issued by Let’s Encrypt or a trusted CA.

For Linux Mail Servers (Postfix/Dovecot):

1. Check SSL certificate paths in /etc/postfix/main.cf:

   smtpd_tls_cert_file=/etc/ssl/certs/server.pem
   smtpd_tls_key_file=/etc/ssl/private/server.key

2. Restart Postfix:

   sudo systemctl restart postfix

7. Try an Alternate Email Client

If the issue is client-specific (e.g., only occurring in Apple Mail but not Outlook), try a different email client or webmail version.

Summary

Issue	Solution
Expired or invalid SSL certificate	Renew SSL certificate or use Let’s Encrypt
Incorrect mail server settings	Verify IMAP, SMTP, and port settings
Cached network settings causing issues	Reset network settings (iOS, Android)
iOS Mail rejecting self-signed certificates	Use a trusted CA-issued certificate
Outlook or Mac Mail still failing	Remove and re-add the email account

References

• Apple Support: Mail Connection Issues

• Microsoft Support: Outlook Certificate Errors

• RFC 5246 – TLS 1.2 Protocol

By following these steps, you can resolve the “Cannot Verify Server Identity” error and restore secure email access on your devices.