Invalid certificate

[JH]

Hi,

I have installed K9 on my Nexus 4 running Android 5 and set it to access my two Hotmail accounts. One is a Hotmail.com account, the other Hotmail.co.uk. My settings are;

IMAP server imap-mail.outlook.com

Security SSL/TLS

Port 993

Username x...@hotmail.com or .co.uk

Authentication Normal pw

Password ...............

Auto detect IMAP namespace (ticked)

SMTP server SMTP.live.com

Security Starttls
Port 587

Require sign in (ticked)

Username x...@hotmail.com or .co.uk

Authentication Normal pw

Password  ..............

and it works. Except every second day or so I get a message "invalid certificate" for one or both accounts. If I pull up the account information and hit "next" it's happy again for another couple of days.

I don't understand why it works for a while, then hiccoughs and then continues happily on the same settings.

Any ideas?

Thanks,

John

[Richard]

------------ Original Message ------------
> Date: Sunday, November 30, 2014 07:36:14 -0800
> From: JH <johnhol...@gmail.com>
> To: k-9-...@googlegroups.com
> Subject: [k-9-mail] Invalid certificate
>
> Hi,
> I have installed K9 on my Nexus 4 running Android 5 and set it to
> access my two Hotmail accounts. One is a Hotmail.com account, the
> other Hotmail.co.uk. My settings are;
>

> IMAP server *imap-mail.outlook.com* <http://imap-mail.outlook.com/>

> Security SSL/TLS
> Port 993
> Username x...@hotmail.com or .co.uk
> Authentication Normal pw
> Password ...............
> Auto detect IMAP namespace (ticked)
>
>

> SMTP server *SMTP.live.com* <http://smtp.live.com/>

> Security Starttls
> Port 587
> Require sign in (ticked)
> Username x...@hotmail.com or .co.uk
> Authentication Normal pw
> Password ..............
>
> and it works. Except every second day or so I get a message
> "invalid certificate" for one or both accounts. If I pull up the
> account information and hit "next" it's happy again for another
> couple of days.
>
> I don't understand why it works for a while, then hiccoughs and
> then continues happily on the same settings.
>
> Any ideas?
>
> Thanks,
> John

I encountered this same (cert refresh) issue on a recent trip to the
UK. In the US I never see this (after initial install) on my
nexus-5/android-5/k9-5.001 device using SSL against self-signed
certs on my US-based mail server. But in the UK I got it daily, so
am wondering if there is caching somewhere (e.g., the provider - I
was mostly on vodafone/uk) that is causing this. I will note,
however, that I don't remember seeing it on previous UK trips, when
I would have been using android-4.x and earlier releases of K9.

- Richard

[sjb]

On 30/11/14 16:46, Richard wrote:

> I encountered this same (cert refresh) issue on a recent trip to the
> UK. In the US I never see this (after initial install) on my
> nexus-5/android-5/k9-5.001 device using SSL against self-signed

I've also been getting this on all of my gmail accounts, seemingly once
a day. The behaviour started after I performed a factory reset on my
Nexus 5, flashed the Lollipop factory image and installed K-9 from the
app store .. must have been 2 weeks ago now?

All of the gmail accounts (I have 5 configured) spit up the invalid
certificate message, seemingly all at the same time. Tapping the
notification and then Next dismisses the notification, only for it to
reappear the next day.

sjb

[John Holden]

Hmm, thanks peeps. Maybe I'm not doing anything wrong, maybe there's a bug.

Thanks,

John

--
--
You received this message because you are subscribed to the K-9 Mail Users List.
To post to this group, send email to k-9-...@googlegroups.com
To unsubscribe, email k-9-mail+unsubscribe@googlegroups.com
To report an issue with K-9 Mail, visit http://code.google.com/p/k9mail/issues/list
For more options, visit this group at http://groups.google.com/group/k-9-mail

--- You received this message because you are subscribed to a topic in the Google Groups "K-9 Mail" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/k-9-mail/-ggs6Mo61JA/unsubscribe.
To unsubscribe from this group and all its topics, send an email to k-9-mail+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Seth H Holmes]

Could be an issue with a particular certificate authority. Generally when you get the invalid cert notification you can pull up more details.
--
Seth H Holmes
Sent from my Nexus 7 with K-9 Mail. Please excuse my brevity.

[Richard]

> Could be an issue with a particular certificate authority.
> Generally when you get the invalid cert notification you can pull
> up more details. --
> Seth H Holmes

In my case it's a self-signed cert, so once accepted that should be
it.

These missives came as notifications (the same way a non-delivery
shows up). Clicking through to the incoming/outgoing server setup
(where one is normally presented with the cert details and asked to
accept or not) didn't show any cert details, rather just returned
one to the initial fetching/sending mail options page -- and the
error notification went away for ~24 hours.

As I noted, I only saw this when using the device in the UK
recently. I never see it when in the US.

- Richard

[Anders]

Happens to my wife's nexus5 too after upgrade to lollipop. She never said anything about reinstalling apps, so i guess it's the same k9 version as before (which worked Ok).

She claims the cert failures only arrive when on cellular, never wifi.

Anders

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.

[sjb]

Richard wrote on 01/12/14 05:28:

> As I noted, I only saw this when using the device in the UK
> recently. I never see it when in the US.

I see the same errors and I live in the UK - different carrier though as
I'm on 'three' (Hutchinson). Another poster mentioned that the errors
may only show up on a mobile network, but I can't say with 100%
certainty that I see the same .. although it could be correct. I work
from home so my phone spends the vast majority of its time connected to
my WiFi, but I have noticed several times that I see the error messages
appear when I'm on the school run. I've already dismissed today's
notifications (while I was on mobile data), but I'll pay more attention
to when and where they next show up.

[sjb]

sjb wrote on 01/12/14 08:44:

> notifications (while I was on mobile data), but I'll pay more attention
> to when and where they next show up.

Looks like there may be something to the mobile networks only theory.

Attached is an extract from logcat for one of my accounts which seems to
indicate that the SSL connection timed out (this was when I left the
WiFi network and connected to a patchy mobile network). Maybe the
timeout is then (mis-)classified as a CertificateValidationException?

sjb

[Jon Cowell]

I have a similar issue on my Nexus 5 since upgrading to Android 5.0 (OTA) in the UK.

If I turn WiFi off or move out of range of the currently connected WiFi network and move to mobile data (O2), I get a notification for each of the IMAP email accounts in K9 - "Certificate Error for x...@yyy.com". Tapping on the notification takes me to the account settings for that email address and all settings are correct.

I have 5 IMAP email accounts hosted with UK2.net using STARTTLS and one IMAP account at gmail using SLL/TLS and they all exhibit the same behaviour. They also seem to continue sending and receiving email despite the notifications.

On the same phone I have my gmail mail account set up in the default gmail app and this does not exhibit these issues.

I am using K9 v5.001 in which I notice that SSl/TLS session caching has been removed. Could this (ironically) be causing the issue?

Jon

[Ethan H]

I have seen the same behavior since upgrading to Lollipop. K9 Mail routinely gives certificate errors for a range of email services usually when switching from cellular to wi-fi connection. Having to hit "Next" on half a dozen accounts is tiresome. As an experiment I switched two accounts (using different email services and certificates) to GMail. No certificate errors.

Two of my co-workers experience the same behavior. All of us are using Nexus 5 phones, and received the OTA update to Lollipop at about the same time.