How to fix iOS Mail ‘Cannot Verify Server Identity’ error with self-signed certificates

Since upgrading my iPhone to iOS 4.2.1 I continually received this annoying popup every time I sent or received email:

I use SSL for both sending and receiving email, and my mail server uses a self-signed certificate. It sounds like this is a common problem with iOS 4.2.1 and self-signed certificates. Some say it’s a bug, while others say it’s Apple’s intended behaviour with self-signed certs. One thing’s certain – it’s frickin’ annoying!

Anyway, after trying all sorts of things suggested in forums, including wiping my mail settings, rebooting, and so on, I finally came across the solution in this forum post. Here are the steps (slightly modified from Drarok’s post):

The steps assume that you already use Apple Mail to access your mail server via SSL, and that you’ve accepted the mail server certificates in Apple Mail. If you haven’t done this then the certificates won’t be on your Mac.

  1. On your Mac, open your Applications/Utilities folder, and double-click the Keychain Access app to open it.
  2. Find your mail server in the Name column. There may well be more than 1 entry. Find the entry that has “certificate” in the Kind column, and that has the most recent Expires date. This is the certificate you want. (You should see “This certificate is marked as trusted for…” in the pane at the top of the app.)
  3. Right/control-click the certificate and choose Export “(mail server name)”:

  4. In the File Format dropdown, make sure you select Privacy Enhanced Mail (.pem), NOT Certificate (.cer):
  5. Save the file on your desktop.
  6. Drag the file from your desktop to Mail to attach it to a new mail message. Send the email to yourself.
  7. On your iPhone/iPad/iPod touch, open the email. After no doubt getting the annoying popup again (don’t worry, this will be the last time you see it!), you’ll see the certificate attached as a little icon:
  8. Tap the icon. This will open an Install Profile window:

  9. Tap the Install button to install the certificate on your device.
  10. To get Mail on your device to pick up the new profile, you might need to quit and relaunch Mail. Double-click the Home button while on your home screen, then find the Mail icon. Hold your finger down on it till it wobbles, then tap the little red minus symbol to quit the Mail app. Then relaunch Mail from your home screen. (If you’re running anything earlier than an iPhone 3GS and don’t have multitasking, then simply reboot your device instead.)

You should now find that you can send and receive email without receiving the annoying popup. Woo!

By the way, if you ever want to delete the installed certificate, just fire up the Settings app and go to General. Scroll down, and you’ll see a Profile entry towards the bottom. Tap it, then tap the red Remove button.

Bookmark this post:

8 Responses to “How to fix iOS Mail ‘Cannot Verify Server Identity’ error with self-signed certificates”

  1. Kramer Says:

    Worked like a charm — thank you! iPhone 4 ATT 4.2.1

  2. Stephanie Clark Says:

    Thank you (and Drarok) a million times!!! This error has been driving me NUTS! Your solution worked perfectly. Yay!!!!!

  3. Karazy Says:

    Is there a solution for Windows users?

  4. James Gilmore Says:

    Not worked for me….. followed to the letter ….. but the mail doesnt seem to find the profile ?

    Cheers

  5. Matt Says:

    @Kramer @Stephanie – thanks, glad it helped!

    @Karazy: I’m not sure, to be honest. Does Windows have some kind of certificate repository where you could export the mail server cert in .pem format?

    @James: Sorry it didn’t work for you. Are you getting an error message of some sort?

  6. Pauli Says:

    Pleased to say that this works on iOS5 as well.

    Thank you so much for posting it.

  7. Matt Says:

    @Pauli: That’s great to hear! Thanks for letting me know. :)

  8. Dan Says:

    I was getting a certificate error while tryng to set up a yahoo email account on my ipod and the error was an incorrect date in my settings.

Leave a Reply