Setup email account on iOS 18 with self-signed certificate

We have been using a self-signed certificate with email on iPhones for many years. Recently it will not work correctly, with the message: Cannot Get Mail. Unable to create a secure connection to the server ("bad certificate format" -9,808)

Sometimes if I delete an email account and re-create it, it will work for a day and then stop working again with this error. Sometimes a new account will fail immediately with this error.

iPhone 13, iOS 18

Posted on Oct 30, 2025 4:38 PM


Oct 31, 2025 6:12 AM in response to billv686

The error code "-9,808" along with the message "bad certificate format" is commonly associated with issues in cryptographic or secure communication libraries, particularly those dealing with SSL/TLS certificates.


Common Context and Meaning

This error generally indicates that the software or system trying to process a digital certificate found it to be malformed, corrupted, or non-compliant with the expected format (usually X.509).

Code: -9,808

Message: "bad certificate format"

System/Library: Often seen in systems using Apple's Security Framework (Secure Transport/CommonCrypto) or similar low-level security libraries, though the specific code may vary slightly across platforms (e.g., it can sometimes translate to SSL_ERROR_BAD_CERT_FORMAT in other systems).


Potential Causes

The certificate that the system is trying to read (which could be a server certificate, a client certificate, or a root/intermediate certificate) has a structural problem. Key reasons include:

Corruption: The certificate file was damaged during download, transfer, or storage.

Incorrect Encoding: Certificates are typically encoded in DER (binary) or PEM (Base64 text). If the software is expecting one format but receives the other, it can throw this error.

Extra/Missing Data: The certificate file might contain extraneous data before or after the main certificate block (e.g., extra characters outside of the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- markers in a PEM file).

Parsing Error: The internal structure (TLV—Tag-Length-Value) of the certificate data within the file is invalid or incorrectly constructed according to the X.509 standard.


Troubleshooting Steps

To resolve this issue, you should investigate the certificate file itself:

Reacquire the Certificate: Try downloading or obtaining a fresh copy of the certificate file to rule out corruption.

Verify Format/Encoding: Check if the application expects a specific format (e.g., PEM, DER, PFX/PKCS#12) and ensure the file is correctly encoded. Tools like openssl x509 -text -noout -in cert.pem can help diagnose the file's readability and content.

Inspect PEM Boundaries: If it's a PEM file, ensure there is no data outside of the standard BEGIN and END lines and that the base64 content is valid.

Check Chain Files: If the error occurs when loading a certificate chain (bundle), check that each certificate in the file is correctly formatted and separated.


Nov 3, 2025 10:43 AM in response to AlWeir

I have verified the certificate is correct; we have been using it for the past 6 years. I created a new certificate and tried to create a new account. The new account verified and displays the new certificate, I trust the new certificate and the account finishes being created. I go to my new mail account and get the same exact error on the incoming mail; however, I can send mail with no problem. I have had issues with the Apple iOS mail program stopping working and had to delete the account and re-create it. This usually solves the problem that the iOS update caused. Not this time???? I think iOS changed something again, just cannot figure a way around the issue.
