It’s always unsettling to see a warning that suggests something malicious is happening. Such is the case with a warning that may appear when an app or operating system “cannot verify server identity” in iOS or iPadOS or “cannot verify server identity” in macOS.

The intent of this notice is to ensure that no secure connection made through a web browser, email client, or other software has been compromised by a man-in-the-middle (MitM) attack. In such a situation, an attacker tries to trick you into accepting a different digital certificate to connect than the one associated with the web server host and domain name that your device wants to reach.

Third parties—called certificate authorities (CAs)—cryptographically sign the digital certificates, identity documents that servers provide when a browser or other software client makes a secure connection. The CAs also have signatures that operating systems and browsers build into their release versions. When an app tries to establish a secure connection, it retrieves a server’s digital certificate and validates that the certificate has a legitimate signature from a CA by checking it against its local store. (These CA countersignatures are tied to powerful cryptographic algorithms, and an attacker cannot forge them without causing an error.)

It is quite rare in practice to encounter this kind of attack in the last several years because operating systems and browsers have become quite vocal about warning about a problem or even making it difficult to find out how to work around it.

A malicious certificate can ruin your whole day, but it’s usually just a Wi-Fi gateway block.

With Apple’s warning, you can click Continue and authorize a connection using the wrong certificate. You should never accept this unless you know exactly why it happened. (The only time this makes sense is for a project hosted on a local network or run by an organization you know that doesn’t obtain a third-party validated certificate. Even then, you’d get a profile to install a “self – signed” certificate before making a connection that triggered a warning.)

Where you typically see this issue is when you connect to a Wi-Fi hotspot before you’ve authenticated through a portal page. Until you have clicked an Accept button, paid for the service or logged in, you can only reach the portal page – the rest of the internet is disconnected.

As a result, if any apps on your iPhone, iPad, or Mac try to connect to a secure website, the network returns the certificate of its local hotspot portal server. Therefore you get an error as that certificate is not the right one.

Tap or click to bypass the problem Cancel on any message that appears. Then either log into the hotspot network if that’s an option or disconnect from it. You can use Control Center in iOS, iPadOS, or macOS to temporarily disable Wi-Fi: Tap or click the Wi-Fi icon.

Forget a Wi-Fi network to remove one you can’t approve.

Or you can “forget” the Wi-Fi network from your saved settings, which disconnects your device and doesn’t automatically reconnect to the same network:

In iOS/iPadOS, go to Settings > Wireless Internettap in the info icon to the right of the connected network, tap Forget this networkand confirm.

Open in macOS System Preferences > Networkselect the Wi-Fi network in the interface list on the left, click Advancedselect the network i Wireless Internet tab and click the minus button and confirm by clicking Remove.

This Mac 911 article is in response to a question submitted by Macworld reader David.

Ask Mac 911

We’ve compiled a list of the questions we’re asked most often, along with answers and links to columns: read our super FAQ to see if your question is covered. If not, we’re always looking for new problems to solve! Send your email to mac911@macworld.com, including screenshots as needed and if you want your full name used. Not all questions will be answered, we do not respond to email and we cannot provide direct troubleshooting advice.