Difference between Certificate Verify Level of Smart VPN iOS APP

During the initiation of an SSL connection, the client will verify the server's identity by checking the certificate provided by the server. As an SSL client, Smart VPN iOS App can select different verification levels since version 1.3. To change the verification level, go to Setting >> CERTIFICATE and tap Verify Level. There are three levels to choose, Basic, Match server name, and Verify Root CA. Users can use a verification level that matches their needs. This note is going to explain the differences between them.

Basic

In this mode, the iPhone will not verify the server's identity. SSL VPN can be established as long as the VPN server, username, and password are correct. Users may use this mode if the SSL VPN server is not able to provide a certificate.

Match server name

In this mode, the VPN server must provide a certificate, and the common name in the certificate must match the IP or hostname that the iPhone is connecting.

Verify Root CA

This mode provides the strongest security. In this mode, the iPhone will even verify the root certificate authority (CA) signed the certificate provided by the VPN server. SSL VPN will be established only if the server provides a certificate that is signed by a verified root CA.

To verify the router's certificate during SSL connections, please refer to the article Enable Server Authentication for SSL VPN