It’s always disturbing to see a warning that implies something malicious is happening. Such is the case with a warning that can appear when an app or operating system “Fails to Verify Server Identity” in iOS or iPadOS or “Fails to Verify Server Identity” in macOS.
The intent of this warning is to ensure that a secure connection established through a web browser, email client, or other software has not been compromised by a man-in-the-middle (MitM) attack. In such an attack, an attacker tries to fool you into accepting a digital certificate different from the one associated with the host and domain name of the web server your device wants to reach.
Third parties called certificate authorities (CAs) cryptographically sign digital certificates, the identifiers that servers provide when a browser or other software client establishes a secure connection. The CAs also have signatures that operating systems and browsers build into their release versions. When an app tries to establish a secure connection, it retrieves the digital certificate from the server and validates that the certificate has a legitimate signature from a CA by checking it against that local store. (These CA countersignatures are tied to powerful cryptographic algorithms, and an attacker cannot forge them without causing an error.)
In practice, it has been quite rare to come across these types of attacks in recent years, as operating systems and browsers have become quite vocal about warning of a problem and even make it difficult to figure out how to circumvent the warning.
With Apple’s warning, you have the option to click Continue and authorize a connection with the wrong certificate. You should never agree to this unless you know exactly why it happened. (The only time it makes sense is for a project hosted on a local network or run by an organization you know that doesn’t obtain a validated third-party certificate. Even then, you’d have been told before connecting to expect a “self-signed” certificate that raises a warning.)
Where you usually see this problem is when you connect to a Wi-Fi hotspot before authenticating through a portal page. Until you click the accept button, pay for service, or log in, you can only reach the portal page; the rest of the internet is blocked.
As a result, if apps on your iPhone, iPad, or Mac try to connect to a secure site, the network returns the certificate for the local hotspot portal server. So you get an error because that certificate is not the right one.
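The name check that fails in the hotspot case can be reproduced in a few lines. The Python sketch below is an added example, not Apple's or Macworld's code: it compares the DNS names inside a certificate with the host the app asked for, using constructed sample certificates in the dictionary shape returned by Python's ssl getpeercert(). The host names and the helper functions are hypothetical, and the sketch covers only the name match, not the CA signature check.

```python
import socket
import ssl

def san_dns_names(cert):
    """DNS names from a dict shaped like ssl.SSLSocket.getpeercert() output."""
    return [value.lower() for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]

def name_matches(pattern, hostname):
    """Exact match, or a '*' that stands for exactly one left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard never spans more than one label
    if p[0] == "*" and len(p) > 2:
        return p[1:] == h[1:]
    return p == h

def cert_covers(cert, hostname):
    """True if any DNS name in the certificate covers the requested host."""
    return any(name_matches(name, hostname) for name in san_dns_names(cert))

def probe(hostname, port=443, timeout=5):
    """Live check against the system CA store; returns (ok, detail)."""
    ctx = ssl.create_default_context()  # verifies the CA chain and the host name
    try:
        with socket.create_connection((hostname, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
                return True, san_dns_names(tls.getpeercert())
    except ssl.SSLCertVerificationError as exc:
        return False, exc.verify_message  # the reason a warning would appear

# Constructed sample certificates (hypothetical names, not real captures).
PORTAL_CERT = {"subjectAltName": (("DNS", "portal.hotspot.example"),)}
SITE_CERT = {"subjectAltName": (("DNS", "example.com"), ("DNS", "*.example.com"))}

if __name__ == "__main__":
    # The app asked for mail.example.com but the hotspot answered with its own certificate.
    print("site cert covers mail.example.com:", cert_covers(SITE_CERT, "mail.example.com"))
    print("portal cert covers mail.example.com:", cert_covers(PORTAL_CERT, "mail.example.com"))
```

Calling probe() with a host name while still behind an unauthenticated portal returns False along with the verification message, which is the same condition the Apple dialog reports.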
To get around the problem, tap or click Cancel on each message that appears. Then log in to the hotspot network, if that is an option, or disconnect. You can use the Control Center in iOS, iPadOS, or macOS to temporarily disable Wi-Fi: tap or click the Wi-Fi icon.
Or you can “forget” the Wi-Fi network from your saved settings, which will cause your device to disconnect and not automatically reconnect to the same network:
In iOS/iPadOS, go to Settings > Wi-Fi, tap the i info icon to the right of the connected network, tap Forget this network, and confirm.
In macOS, open System Preferences > Network, select the Wi-Fi network from the interface list on the left, click Advanced, select the network in the Wi-Fi tab, click the – minus button, and confirm by clicking Remove.
This Mac 911 article answers a question from Macworld reader David.