1. Check out our companion app, Forums for Android! Download from Google Play

Support IMAP Cert problems are showstopper

Discussion in 'Android Devices' started by LexD, May 2, 2010.

  1. LexD

    LexD New Member
    Thread Starter
    5

    May 2, 2010
    1
    0
    5
    Connecting to my IMAPS server(from the Incredible) always fails . Prior threads recommend "SSL when available" as a solution. The DI does not offer that option.
    Tracing the connection attempt with ssldump, shows that the client (DI) throws an "SSLalert" packet to the server after completing the SSL handshake and then closes the connection.

    No message is presented to the user! The setup just stalls and never proceeds to the outbound server.

    I am looking for the Cert store within Android, or methods to add my own Root cert to the store. My server works with browsers, iPhone, iPod Touch, and an older Motorola Droid.

    I have 3 weeks to solve this or this puppy goes back to VZW.
     

    Advertisement

  2. russell5

    russell5 Well-Known Member
    58

    Nov 7, 2009
    206
    19
    58
    Im not sure if this is what your looking for but you can try.

    menu>settings>security>install from sd card
     
  3. bwthor

    bwthor Well-Known Member
    23

    Mar 8, 2010
    83
    31
    23
    Agreed, I'm shocked this is a problem. The stock Android email has the option of SSL (accept all certificates), but the HTC version doesn't.

    Our organization uses GoDaddy and the issuer of the cert is valicert.com. Anyone else having troubles with this combo?
     
  4. bwthor

    bwthor Well-Known Member
    23

    Mar 8, 2010
    83
    31
    23
    Sorry to bump, but this is a big issue. Anyone know of a fix?
     
  5. xyzsb

    xyzsb Active Member
    16

    Apr 1, 2010
    30
    7
    16
    not entirely sure if this is a solution, but you can try k-9 mail (it's based on the stock android mail client) and it lets you accept self signed certificates so it will probably prompt you to accept godaddy-valicert certs.

    fwiw i did try the htc mail with a server that uses godaddy certificates and it worked fine. the server has to send the entire chain.
     
  6. jmdwifi

    jmdwifi Active Member
    16

    Mar 29, 2010
    31
    1
    16
    Wireless network engineer
    Virginia
    I worked with verizon tech support on this today. It has been bumped up to HTC because they were able to duplicate the issue with a test phone. I use ssl at work and after hitting next at the incoming mail server settings page, it just goes back to the page. That is with manual setup, with the wizard it errors out with a "no response from mail server" message. The mail setup worked fine on my eris and still does on my wifes eris ( we both work for the school system here) The incredible is not accepting the certificate for some reason. I told him we have about 20 days to solve or I'll have to go back to the eris. I really hope they fix it because this phone kicks the eris's ass in every other way.
     
    bwthor likes this.
  7. bwthor

    bwthor Well-Known Member
    23

    Mar 8, 2010
    83
    31
    23
    At my place of work, neither of Verizon's HTC andriod phones work. I've tested with the Android emulator, version 1.6 and 2.1 and all is well. The latter two both have the SSL accept any certificate option whereas the HTC Sense ones do not.
     
    xyzsb likes this.
  8. xyzsb

    xyzsb Active Member
    16

    Apr 1, 2010
    30
    7
    16
    btw- are the certificates in question wildcard certs?

    i can see the problems with self-signed certificates. couldn't replicate this with regular godaddy or godaddy ucc certificates and htc mail app. don't have a server with wild card certs to test this out.
     
  9. bwthor

    bwthor Well-Known Member
    23

    Mar 8, 2010
    83
    31
    23
    I can't say for sure, but I'm guessing ours is using wildcard certs. Our secure web sites and email use the same domain.
     
  10. xyzsb

    xyzsb Active Member
    16

    Apr 1, 2010
    30
    7
    16
    thanks. you can go to your website (the https one) and look up the certificate. it should be issued to *.domain.com etc. instead of host.domain.com or domain.com

    btw- i do think both htc and google should fix this. the fix for stock android is not entirely ideal.

    Issue 1016
     
  11. heavi5ide

    heavi5ide Member
    6

    May 5, 2010
    7
    2
    6
    Brooklyn, NY
    There was a similar thread and someone came up with a solution and posted on the HTC community forums. I'm pasting in my summary of the solution here:

    There was another thread several days ago about this, and a solution was posted. I have a Dreamhost hosted domain for my e-mail, and wanted to use SSL authentication for encrypted communication with the server, and had a similar certificate problem. Basically, the solution is:
    1. Connect your phone to the Internet via your Wifi router.
    2. Unplug your cable/dsl modem from your Wifi router so you can't access the Internet.
    3. Do the mail setup -- when Mail can't access the Internet to check your server settings, it will tell you, and you have the option to continue anyway. Do so.
    4. Once mail setup is complete, plug your cable/dsl modem back into the Wifi router.
    5. Launch mail. When it tries to connect using the settings you put in, it will now ask you if you want to accept the certificate. Once you accept, you'll never have to do it again.
    It seems like the problem is just that the Mail app doesn't give you this option during the setup process. It doesn't even tell you why it won't accept your settings -- it just doesn't move on to the next step. Pretty annoying issue.


    Here's a link to the thread where someone originally posted a solution: Sense Mail application does not accept self signed certificates? - DROID INCREDIBLE by HTC (Verizon) - Android Forums - HTC Community



    Nick
     
    xyzsb likes this.
  12. jmdwifi

    jmdwifi Active Member
    16

    Mar 29, 2010
    31
    1
    16
    Wireless network engineer
    Virginia
    I have my mail working. I went into Setting/Applications and then checked the unknown sources box. I went through my mail setup again and this time it prompted me with certificate acceptance warning. I accepted and all is well. I went back and unchecked the box and my mail works fine.
     
  13. rortt

    rortt Member
    5

    Apr 21, 2010
    5
    0
    5
    Heavi5IDe,

    Much Thanks! Secure IMAP is now working as long as I stay on this side of the pond.

    Let's Go!
     
  14. goraxan

    goraxan New Member
    5

    May 25, 2010
    1
    0
    5
    This workaround is not working for me.
    I can configure the IMAP account unpluging the DSL cable but when I plug it again and check it for incoming mails, the same warning that appeared during the setup (having pluged the DSL cable) appears now and even if I click on "continue" it remains warning me... :(
     

Share This Page

Loading...