How to fix a Cannot Verify Server Identity error

It’s always disconcerting to see an alert that suggests something malicious is happening. This is the case for an alert that can appear when an app or operating system “Unable to verify server identity” in iOS or iPadOS, or “Unable to verify server identity” in macOS.

This message is intended to ensure that a secure connection established via a web browser, email client, or other software has not been compromised by a man-in-the-middle (MitM) attack. In such a situation, an attacker tries to trick you into accepting a different digital certificate for the connection than the one associated with the host and domain name of the web server your device is trying to reach.

Third parties — called Certificate Authorities (CAs) — cryptographically sign the digital certificates, documents of identity, that servers provide when a browser or other software client establishes a secure connection. The CAs also have signatures that operating systems and browsers build into their release versions. When an app attempts to establish a secure connection, it retrieves a server’s digital certificate and validates that the certificate has a legitimate signature from a certificate authority by comparing it to its local store. (These CA countersignatures are tied to powerful cryptographic algorithms and an attacker cannot forge them without causing an error.)

In practice, this type of attack has been fairly rare in recent years, as operating systems and browsers are very vocal in warning of a problem, or even making it difficult to figure out how to circumvent it.

Apple’s warning gives you the option to click continue and authorize a connection with the wrong certificate. You should never agree to this unless you know exactly why it happened. (The only time it makes sense is for a project that’s hosted on a local network or operated by an organization that you know doesn’t get a third-party validated certificate. Even then, you would profile Obtain a “self-signed” certificate before connecting, which raised an alert.)

This problem usually occurs when you connect to a WiFi hotspot before authenticating through a portal page. Until you click the accept button, pay for the service, or sign up, you can only reach the portal page – the rest of the internet is cut off.

So when apps on your iPhone, iPad, or Mac try to connect to a secure site, the network returns the certificate for its local hotspot portal server. Therefore, you get an error message because this certificate is not the right one.

Tap or click to work around the problem Cancel to any message that appears. Then either join or disconnect from the hotspot network if possible. You can use Control Center in iOS, iPadOS, or macOS to temporarily turn off Wi-Fi: tap or click the Wi-Fi icon.

Or you can “forget” the Wi-Fi network from your saved settings, which will disconnect your device and not automatically reconnect it to the same network:

• On iOS/iPadOS, go to settings > Wireless Internet accesstap the i-info icon to the right of the connected network, tap Forget this networkand confirm.
• On macOS, open system settings > networkselect the Wi-Fi network in the interface list on the left and click Progressiveselect the network in the Wireless Internet access and click the button – minus and confirm with one click Remove.

This Mac 911 article answers a question from Macworld reader David.

Ask Mac 911

We’ve compiled a list of the questions we get asked most frequently, along with answers and links to columns: Check out our Super FAQ to see if your question is covered. If not, we are always looking for new problems to solve! Email yours to [email protected], including screenshots if necessary and whether to use your full name. Not every question will be answered, we do not respond to emails, and we cannot provide direct troubleshooting advice.