Quick Summary
The "Can't verify server identity" error on macOS typically indicates that your email client (like Mail.app) is unable to trust the identity of the email server it's trying to connect to. This often occurs because the server's SSL certificate is invalid, expired, or not trusted by your system.
Common Causes
- Invalid SSL Certificate: The email server is using an SSL certificate that is expired, self-signed, or has been revoked. This is the most common cause.
- Incorrect Date and Time Settings: If your Mac's date and time are significantly incorrect, it can cause issues with SSL certificate validation as the system may incorrectly perceive the certificate as expired or not yet valid.
- Interference from Security Software: Firewalls, antivirus software, or VPNs can sometimes interfere with secure connections and cause certificate validation errors. These programs may be intercepting and modifying the secure connection.
- Corrupted Keychain Access: Keychain Access stores your passwords and certificates. If it's corrupted, it may prevent your email client from verifying the server's identity.
- Incorrect Email Account Settings: Rarely, incorrect email account settings (like server names or port numbers) can lead to this error, especially if the settings don't match what the server expects for secure connections.
Step-by-Step Fixes
Method 1: Verify Date and Time Settings
Step 1: Go to System Preferences (Apple menu -> System Preferences).
Step 2: Click on "Date & Time".
Step 3: Ensure that "Set date and time automatically" is checked. If it's already checked, uncheck it and then recheck it to force a refresh. If you're not using automatic time, manually set the correct date and time.
Step 4: Click the "Time Zone" tab and verify your time zone is correct.
Step 5: Restart Mail.
Method 2: Trust the Certificate (Use Caution)
Step 1: When the error message appears, look for an option to view the certificate details. This option might be behind an "Show Certificate" or similar button.
Step 2: Examine the certificate. If the certificate appears to be issued to the correct domain (the email server), you may choose to trust it. However, exercise caution and only do this if you are certain the certificate belongs to your mail provider.
Step 3: Check the box next to "Always trust" (or a similar option) and click "Connect" or "Continue".
Step 4: You may be prompted for your macOS user password to allow Keychain Access to trust the certificate.
Warning: Only trust certificates if you are sure they are legitimate. Contact your email provider if you have doubts.
Method 3: Check Keychain Access for Duplicate Certificates
Step 1: Open Keychain Access (Applications -> Utilities -> Keychain Access).
Step 2: In the "Keychains" list on the left, select "System" or "System Roots".
Step 3: In the search bar in the upper-right corner, enter the domain name of the email server (e.g., mail.example.com).
Step 4: If you find multiple certificates with the same name, delete all of them.
Step 5: Restart Mail and see if the problem is resolved.
Method 4: Disable or Configure Security Software
Step 1: Temporarily disable your firewall, antivirus software, or VPN.
Step 2: Open Mail and check if the error persists.
Step 3: If disabling the software resolves the issue, re-enable it and configure it to allow connections to your email server. You may need to add an exception for the Mail application or the specific email server's domain.
Method 5: Re-add Your Email Account
Step 1: Remove the email account from Mail (Mail -> Preferences -> Accounts, select the account, and click the minus (-) button).
Step 2: Add the account back to Mail (Mail -> Preferences -> Accounts, click the plus (+) button and follow the prompts).
Step 3: Double-check that your incoming and outgoing server settings (including ports and SSL/TLS settings) are correct. Refer to your email provider's documentation for the correct settings.