Cannot Verify Server Identity

Fix iOS 17 'Cannot Verify Server Identity' Error Fast

Mobile – iOS Beginner 👁 0 views 📅 May 27, 2026

This iOS 17 error blocks mail and calendar connections. It's usually a certificate mismatch from an outdated profile or wrong date. Here's the fix.

You're seeing this error, and it's maddening

I know. You're trying to check your email or add a calendar event, and your iPhone throws up that gray dialog: 'Cannot Verify Server Identity'. It feels like your phone is gaslighting you — the server worked fine yesterday, right? Let's fix it now.

The fast fix: update your date and time settings

This is the single most common cause. If your iPhone's date or time is even slightly off, SSL certificate validation fails. The error pops up because your device can't match the server's certificate timestamp with its own clock.

  1. Open Settings > General > Date & Time.
  2. Turn on 'Set Automatically'. If it's already on, turn it off, wait 10 seconds, then turn it back on.
  3. Force close the Mail or Calendar app (swipe up from the bottom and swipe the app away).
  4. Open the app again. Test by refreshing mail or adding an event.

Nine times out of ten, this is it. I've seen this trip up people traveling across time zones or after a daylight saving switch. The phone syncs the time from the carrier, but if you're on a weak signal, it can drift.

If that didn't fix it: remove and re-add the account

Sometimes the cached certificate or connection settings get corrupted. A clean account re-add forces the phone to fetch a fresh certificate chain.

  1. Go to Settings > Mail (or Calendar) > Accounts.
  2. Tap the account throwing the error (likely Exchange, Gmail, or iCloud).
  3. Tap Delete Account. Confirm.
  4. Restart your iPhone (press and hold power + volume down until slider appears).
  5. Go back to Settings > Mail > Accounts > Add Account.
  6. Re-enter your credentials. If prompted to accept a certificate, tap Accept.

I've done this dozens of times for users who had outdated Exchange ActiveSync profiles. The old profile had a certificate pinned to an expired root CA. A clean re-add refreshes it.

Why does this happen? Certificate authority changes

iOS 17 tightened certificate validation. Apple deprecated several older root certificates in iOS 17.0.3 and later. If your email server uses an older CA — like the old DigiCert or GlobalSign roots — your iPhone will reject it. The error isn't lying; the server's identity literally can't be verified against the trusted store on your device.

The real fix here isn't on your phone — it's on your server admin. But if you're not the admin, you can work around it temporarily by accepting the certificate manually (Settings > General > About > Certificate Trust Settings). Toggle on the required root if it's listed. If it isn't, you're stuck until the server updates its certificate chain.

Less common variations: VPNs and profiles

If you use a VPN or have configuration profiles installed (common for corporate or school devices), those can intercept SSL traffic and present their own certificate. Your iPhone sees a mismatch between the expected server certificate and the one the VPN/proxy presents.

Check your VPN

  1. Go to Settings > General > VPN & Device Management.
  2. Turn off the VPN. Test the email/calendar again.
  3. If it works, the VPN's certificate is the culprit. Contact your IT team to get a proper certificate installed on the VPN server.

Check your profiles

  1. Same path: Settings > General > VPN & Device Management.
  2. Tap each profile and look for 'Certificate' entries. If you see one with a red 'Not Trusted' warning, remove the profile (tap Remove Profile).
  3. Restart and test.

I once spent an hour on a call with a user who had a leftover profile from a university Wi-Fi network from 2019. That profile had an expired intermediate certificate that was intercepting all SSL connections. Removing it fixed everything instantly.

Prevention: keep iOS and certificates current

You can't stop server admins from using old CAs, but you can keep your device ready.

  • Always update iOS when Apple pushes a new version. iOS 17.4 and later include updated root store lists. Sticking on 17.0 or 17.1 leaves you exposed to this error with more servers.
  • Set Date & Time to automatic and never turn it off unless you're troubleshooting. Manual time is the #1 cause of these errors in the field.
  • Clean up profiles annually. Go through your VPN & Device Management list and delete any profile you don't actively use. Old school, old job, old VPN — gone.
  • If you're an admin, update your server's certificate chain to use a modern CA like Let's Encrypt or a trusted commercial root that ships with iOS. Your users will thank you (or at least stop calling support).

This error is annoying, but it's rarely a sign of something broken. It's iOS doing its job — verifying identity before trusting a connection. A few minutes of clock-checking or account re-adding usually gets you back in. If not, the certificate chain needs updating on the server side. Either way, you've got this.

Was this solution helpful?

iOS 17 cannot verify server identity fix server identity error iPhone iOS 17 mail error iPhone certificate error server identity not trusted iOS 17 calendar error update iOS 17 reset network settings iPhone remove exchange profile iPhone iPhone date and time fix server identity error fix 2024