iPhone Cannot Verify Server Identity Exchange? How to fix

by
Cannot verify server identity

If you have come across this message on your iPhone, “Cannot Verify Server Identity,” don’t worry it is a common error iOS device.

The good news is that it can be fixed and we’ll show you exactly how to do that in this guide.

What does the iPhone cannot verify server identity exchange error mean?

The iOS operating system has adjudged your server’s certificate to be fake is the simple answer to this question. Typically, your iOS device connects to a mail server securely via fetching the server’s “SSL certificate” and confirming its reliability.

In cases of expired certificates, on-matching domain names, or untrusted company, the certificate is marked as unreliable.

This automatically cuts of the secure connection. Your device will then show the error “Cannot Verify Server Identity. “

Read: Fix iPhone or iPad activation server cannot be reached

We also see this error when?

  • The mail server’s certificate is changed (e.g. new issuer), or
  • A new account is being setup in iPhone, or
  • After an account migration

How to fix iPhone cannot verify server identity exchange error

Here is a detailed guide for solving the issue:

  1. Mismatch between Domain name and Server name

This confusion comes about when a user places the mail server certificate as the mail server name. iOS noticing the discrepancy often will flag the connection as insecure and halt connectivity. Most mail server names conform to the format of “mail.website-name.com”.

While their corresponding mail server certificate of the mail conforms to “mail.server-name.com”. This slight difference may be the cause of the problem.

This is solved by:

  • Change mail server name– In cases where the hosting customer has a VPS account, we change the mail server name to match the certificate name.
  • Fix mail configuration
  • In cases of a hosting user is uses Shared Hosting, we changing iPhone’s mail server settings just does the trick. Change it from “mail.server-name.com” instead of “mail.website-name.com”.
  • Setup a free dedicated certificate
  • if you don’t a valid certificate especially self-signed certs which are considered untrusted and you are using VPS. You can set up certificates from other third parties e.g. Let’s Encrypt, ensure it is a valid CA and also offers free SSLs.

Read: Fix the connection to the outgoing server smtp.gmail.com failed

  1. “Bug” in iPhone & iOS

That apple employs stringent checks on secure certificates is an open secret. Chances are the inability to change these certificates will translate to the error remaining.

There is also a slim possibility of the error still reoccurring even after these changes.

Most third-party users add the server’s SSL certificate to the “Trusted” list. Here is how:

  • Tap on the “Details” button shown in the error message.
  • And in the next screen, tap on the “Trust” link.

How to fix it in iOS 10.x+

Unlike older versions there is no longer a trusted list option of certificate addition in the later versions of iPhone and iOS 10.x+. In case you are faced with this,

  • Delete all mail accounts related to your domain.
    • Go to Settings
    • Click on Accounts & Password
    • Enter your Account Name
    • Delete Account.
  • Delete all outgoing mail servers in settings.
  • Re-add the mail account(s).
  • An option to “Trust” the certificates
  • This should technically solve the error message

Hopefully, you have managed to fix this error on your iOS device and you are able to use it without any further issues.

Read: There was an error connecting to the Apple ID server iPad