IMAP Cert problems are showstopperSupport


Last Updated:

  1. LexD

    LexD New Member This Topic's Starter

    Joined:
    May 2, 2010
    Messages:
    1
    Likes Received:
    0
    Connecting to my IMAPS server(from the Incredible) always fails . Prior threads recommend "SSL when available" as a solution. The DI does not offer that option.
    Tracing the connection attempt with ssldump, shows that the client (DI) throws an "SSLalert" packet to the server after completing the SSL handshake and then closes the connection.

    No message is presented to the user! The setup just stalls and never proceeds to the outbound server.

    I am looking for the Cert store within Android, or methods to add my own Root cert to the store. My server works with browsers, iPhone, iPod Touch, and an older Motorola Droid.

    I have 3 weeks to solve this or this puppy goes back to VZW.
     

    Advertisement
  2. russell5

    russell5 Well-Known Member

    Joined:
    Nov 7, 2009
    Messages:
    206
    Likes Received:
    19
    Im not sure if this is what your looking for but you can try.

    menu>settings>security>install from sd card
     
  3. bwthor

    bwthor Well-Known Member

    Joined:
    Mar 8, 2010
    Messages:
    83
    Likes Received:
    31
    Agreed, I'm shocked this is a problem. The stock Android email has the option of SSL (accept all certificates), but the HTC version doesn't.

    Our organization uses GoDaddy and the issuer of the cert is valicert.com. Anyone else having troubles with this combo?
     
  4. bwthor

    bwthor Well-Known Member

    Joined:
    Mar 8, 2010
    Messages:
    83
    Likes Received:
    31
    Sorry to bump, but this is a big issue. Anyone know of a fix?
     
  5. xyzsb

    xyzsb Active Member

    Joined:
    Apr 1, 2010
    Messages:
    30
    Likes Received:
    7
    not entirely sure if this is a solution, but you can try k-9 mail (it's based on the stock android mail client) and it lets you accept self signed certificates so it will probably prompt you to accept godaddy-valicert certs.

    fwiw i did try the htc mail with a server that uses godaddy certificates and it worked fine. the server has to send the entire chain.
     
  6. jmdwifi

    jmdwifi Active Member

    Joined:
    Mar 29, 2010
    Messages:
    31
    Likes Received:
    1
    I worked with verizon tech support on this today. It has been bumped up to HTC because they were able to duplicate the issue with a test phone. I use ssl at work and after hitting next at the incoming mail server settings page, it just goes back to the page. That is with manual setup, with the wizard it errors out with a "no response from mail server" message. The mail setup worked fine on my eris and still does on my wifes eris ( we both work for the school system here) The incredible is not accepting the certificate for some reason. I told him we have about 20 days to solve or I'll have to go back to the eris. I really hope they fix it because this phone kicks the eris's ass in every other way.
     
    bwthor likes this.
  7. bwthor

    bwthor Well-Known Member

    Joined:
    Mar 8, 2010
    Messages:
    83
    Likes Received:
    31
    At my place of work, neither of Verizon's HTC andriod phones work. I've tested with the Android emulator, version 1.6 and 2.1 and all is well. The latter two both have the SSL accept any certificate option whereas the HTC Sense ones do not.
     
    xyzsb likes this.
  8. xyzsb

    xyzsb Active Member

    Joined:
    Apr 1, 2010
    Messages:
    30
    Likes Received:
    7
    btw- are the certificates in question wildcard certs?

    i can see the problems with self-signed certificates. couldn't replicate this with regular godaddy or godaddy ucc certificates and htc mail app. don't have a server with wild card certs to test this out.
     
  9. bwthor

    bwthor Well-Known Member

    Joined:
    Mar 8, 2010
    Messages:
    83
    Likes Received:
    31
    I can't say for sure, but I'm guessing ours is using wildcard certs. Our secure web sites and email use the same domain.
     
  10. xyzsb

    xyzsb Active Member

    Joined:
    Apr 1, 2010
    Messages:
    30
    Likes Received:
    7
    thanks. you can go to your website (the https one) and look up the certificate. it should be issued to *.domain.com etc. instead of host.domain.com or domain.com

    btw- i do think both htc and google should fix this. the fix for stock android is not entirely ideal.

    Issue 1016
     
  11. heavi5ide

    heavi5ide Member

    Joined:
    May 5, 2010
    Messages:
    7
    Likes Received:
    2
    There was a similar thread and someone came up with a solution and posted on the HTC community forums. I'm pasting in my summary of the solution here:

    There was another thread several days ago about this, and a solution was posted. I have a Dreamhost hosted domain for my e-mail, and wanted to use SSL authentication for encrypted communication with the server, and had a similar certificate problem. Basically, the solution is:
    1. Connect your phone to the Internet via your Wifi router.
    2. Unplug your cable/dsl modem from your Wifi router so you can't access the Internet.
    3. Do the mail setup -- when Mail can't access the Internet to check your server settings, it will tell you, and you have the option to continue anyway. Do so.
    4. Once mail setup is complete, plug your cable/dsl modem back into the Wifi router.
    5. Launch mail. When it tries to connect using the settings you put in, it will now ask you if you want to accept the certificate. Once you accept, you'll never have to do it again.
    It seems like the problem is just that the Mail app doesn't give you this option during the setup process. It doesn't even tell you why it won't accept your settings -- it just doesn't move on to the next step. Pretty annoying issue.


    Here's a link to the thread where someone originally posted a solution: Sense Mail application does not accept self signed certificates? - DROID INCREDIBLE by HTC (Verizon) - Android Forums - HTC Community



    Nick
     
    xyzsb likes this.
  12. jmdwifi

    jmdwifi Active Member

    Joined:
    Mar 29, 2010
    Messages:
    31
    Likes Received:
    1
    I have my mail working. I went into Setting/Applications and then checked the unknown sources box. I went through my mail setup again and this time it prompted me with certificate acceptance warning. I accepted and all is well. I went back and unchecked the box and my mail works fine.
     
  13. rortt

    rortt Member

    Joined:
    Apr 21, 2010
    Messages:
    5
    Likes Received:
    0
    Heavi5IDe,

    Much Thanks! Secure IMAP is now working as long as I stay on this side of the pond.

    Let's Go!
     
  14. goraxan

    goraxan New Member

    Joined:
    May 25, 2010
    Messages:
    1
    Likes Received:
    0
    This workaround is not working for me.
    I can configure the IMAP account unpluging the DSL cable but when I plug it again and check it for incoming mails, the same warning that appeared during the setup (having pluged the DSL cable) appears now and even if I click on "continue" it remains warning me... :(
     

Share This Page

Loading...