Is this a bug or a support request? If it's a support request, please join the discussion mailing list at http://groups.google.com/group/k-9-mail and ask there.

What's going wrong?

Have you looked for another ticket that might already be about your bug? If not, visit http://code.google.com/p/k9mail/issues/searchtips before submitting this bug report.

What steps will reproduce the problem? 1. On first First time setting up the k9 mail I get a message to accept or reject key. See screen shot and the log 2. Next time I get connection error 3. I don't get this problem in any other outlook email client or web browser and iPhone also works perfect.

Hope you will look into this issue.

Thanks

What do you expect to have happen?

What do you see instead?

What version of K-9 are you using?

Is your email account a POP account, Exchange Account or an IMAP account?

In order for us to have a chance at helping you with a complex issue, we're going to need a debug log from your phone. You can dramatically increase the chances of a quick and successful resolution to this issue by following the directions at https://github.com/k9mail/k-9/wiki/LoggingErrors -- If you can't give us a trace, there's a pretty good chance that we won't be able to act on your bug report.

What else should we know?

did you press "Accept key" ? If so can you please provide an debug log? https://github.com/k9mail/k-9/wiki/LoggingErrors

Yes I pressed the accept key. Please see attached the log. Thanks for quick action

Somehow not able to attach file

I/k9 (18804): url = https://ukroh.firstsource.com:443/Exchange/kapil.kalra%40firstsource.com I/k9 (18804): Requesting gzipped data I/k9 (18804): url = https://ukroh.firstsource.com:443/Exchange/kapil.kalra%40firstsource.com I/k9 (18804): Requesting gzipped data E/k9 (18804): Error during authentication: javax.net.ssl.SSLException: Not trusted server certificate E/k9 (18804): Stack: javax.net.ssl.SSLException: Not trusted server certificate E/k9 (18804): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:382) E/k9 (18804): at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:92) E/k9 (18804): at org.apache.http.conn.ssl.SSLSocketFactory.createSocket(SSLSocketFactory.java:381) E/k9 (18804): at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:164) E/k9 (18804): at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:164) E/k9 (18804): at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:119) E/k9 (18804): at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:348) E/k9 (18804): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:555) E/k9 (18804): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:487) E/k9 (18804): at com.fsck.k9.mail.store.WebDavStore$WebDavHttpClient.executeOverride(WebDavStore.java:2339) E/k9 (18804): at com.fsck.k9.mail.store.WebDavStore.authenticate(WebDavStore.java:589) E/k9 (18804): at com.fsck.k9.mail.store.WebDavStore.checkSettings(WebDavStore.java:235) E/k9 (18804): at com.fsck.k9.activity.setup.AccountSetupCheckSettings$1.run(AccountSetupCheckSettings.java:116) E/k9 (18804): Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: TrustAnchor for CertPath not found. E/k9 (18804): at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:168) E/k9 (18804): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:377) E/k9 (18804): ... 12 more E/k9 (18804): Caused by: java.security.cert.CertPathValidatorException: TrustAnchor for CertPath not found. E/k9 (18804): at org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi.engineValidate(PKIXCertPathValidatorSpi.java:149) E/k9 (18804): at java.security.cert.CertPathValidator.validate(CertPathValidator.java:202) E/k9 (18804): at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:164) E/k9 (18804): ... 13 more E/k9 (18804): Error while testing settings E/k9 (18804): com.fsck.k9.mail.MessagingException: Error during authentication E/k9 (18804): at com.fsck.k9.mail.store.WebDavStore.authenticate(WebDavStore.java:612) E/k9 (18804): at com.fsck.k9.mail.store.WebDavStore.checkSettings(WebDavStore.java:235) E/k9 (18804): at com.fsck.k9.activity.setup.AccountSetupCheckSettings$1.run(AccountSetupCheckSettings.java:116) E/k9 (18804): Caused by: javax.net.ssl.SSLException: Not trusted server certificate E/k9 (18804): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:382) E/k9 (18804): at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:92) E/k9 (18804): at org.apache.http.conn.ssl.SSLSocketFactory.createSocket(SSLSocketFactory.java:381) E/k9 (18804): at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:164) E/k9 (18804): at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:164) E/k9 (18804): at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:119) E/k9 (18804): at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:348) E/k9 (18804): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:555) E/k9 (18804): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:487) E/k9 (18804): at com.fsck.k9.mail.store.WebDavStore$WebDavHttpClient.executeOverride(WebDavStore.java:2339) E/k9 (18804): at com.fsck.k9.mail.store.WebDavStore.authenticate(WebDavStore.java:589) E/k9 (18804): ... 2 more E/k9 (18804): Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: TrustAnchor for CertPath not found. E/k9 (18804): at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:168) E/k9 (18804): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:377) E/k9 (18804): ... 12 more E/k9 (18804): Caused by: java.security.cert.CertPathValidatorException: TrustAnchor for CertPath not found. E/k9 (18804): at org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi.engineValidate(PKIXCertPathValidatorSpi.java:149) E/k9 (18804): at java.security.cert.CertPathValidator.validate(CertPathValidator.java:202) E/k9 (18804): at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:164) E/k9 (18804): ... 13 more I/k9 (18804): url = https://ukroh.firstsource.com:443/Exchange/kapil.kalra%40firstsource.com I/k9 (18804): Requesting gzipped data I/k9 (18804): url = https://ukroh.firstsource.com:443/Exchange/kapil.kalra%40firstsource.com I/k9 (18804): Requesting gzipped data E/k9 (18804): Error during authentication: javax.net.ssl.SSLException: Not trusted server certificate E/k9 (18804): Stack: javax.net.ssl.SSLException: Not trusted server certificate E/k9 (18804): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:382) E/k9 (18804): at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:92) E/k9 (18804): at org.apache.http.conn.ssl.SSLSocketFactory.createSocket(SSLSocketFactory.java:381) E/k9 (18804): at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:164) E/k9 (18804): at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:164) E/k9 (18804): at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:119) E/k9 (18804): at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:348) E/k9 (18804): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:555) E/k9 (18804): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:487) E/k9 (18804): at com.fsck.k9.mail.store.WebDavStore$WebDavHttpClient.executeOverride(WebDavStore.java:2339) E/k9 (18804): at com.fsck.k9.mail.store.WebDavStore.authenticate(WebDavStore.java:589) E/k9 (18804): at com.fsck.k9.mail.store.WebDavStore.checkSettings(WebDavStore.java:235) E/k9 (18804): at com.fsck.k9.activity.setup.AccountSetupCheckSettings$1.run(AccountSetupCheckSettings.java:116) E/k9 (18804): Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: TrustAnchor for CertPath not found. E/k9 (18804): at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:168) E/k9 (18804): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:377) E/k9 (18804): ... 12 more E/k9 (18804): Caused by: java.security.cert.CertPathValidatorException: TrustAnchor for CertPath not found. E/k9 (18804): at org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi.engineValidate(PKIXCertPathValidatorSpi.java:149) E/k9 (18804): at java.security.cert.CertPathValidator.validate(CertPathValidator.java:202) E/k9 (18804): at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:164) E/k9 (18804): ... 13 more E/k9 (18804): Error while testing settings E/k9 (18804): com.fsck.k9.mail.MessagingException: Error during authentication E/k9 (18804): at com.fsck.k9.mail.store.WebDavStore.authenticate(WebDavStore.java:612) E/k9 (18804): at com.fsck.k9.mail.store.WebDavStore.checkSettings(WebDavStore.java:235) E/k9 (18804): at com.fsck.k9.activity.setup.AccountSetupCheckSettings$1.run(AccountSetupCheckSettings.java:116) E/k9 (18804): Caused by: javax.net.ssl.SSLException: Not trusted server certificate E/k9 (18804): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:382) E/k9 (18804): at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:92) E/k9 (18804): at org.apache.http.conn.ssl.SSLSocketFactory.createSocket(SSLSocketFactory.java:381) E/k9 (18804): at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:164) E/k9 (18804): at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:164) E/k9 (18804): at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:119) E/k9 (18804): at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:348) E/k9 (18804): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:555) E/k9 (18804): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:487) E/k9 (18804): at com.fsck.k9.mail.store.WebDavStore$WebDavHttpClient.executeOverride(WebDavStore.java:2339) E/k9 (18804): at com.fsck.k9.mail.store.WebDavStore.authenticate(WebDavStore.java:589) E/k9 (18804): ... 2 more E/k9 (18804): Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: TrustAnchor for CertPath not found. E/k9 (18804): at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:168) E/k9 (18804): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:377) E/k9 (18804): ... 12 more E/k9 (18804): Caused by: java.security.cert.CertPathValidatorException: TrustAnchor for CertPath not found. E/k9 (18804): at org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi.engineValidate(PKIXCertPathValidatorSpi.java:149) E/k9 (18804): at java.security.cert.CertPathValidator.validate(CertPathValidator.java:202) E/k9 (18804): at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:164) E/k9 (18804): ... 13 more I/k9 (18804): Upgrading database from version 0 to version 42 I/k9 (18804): Committing preference changes I/k9 (18804): Preferences commit took 486ms I/k9 (18804): Committing preference changes I/k9 (18804): Preferences commit took 83ms I/k9 (18804): Committing preference changes I/k9 (18804): Preferences commit took 24ms I/k9 (18804): AutoSync help is available, autoSync = true I/k9 (18804): Committing preference changes I/k9 (18804): Preferences commit took 730ms I/k9 (18804): Committing preference changes I/k9 (18804): Preferences commit took 131ms

what version of k9 are you currently using? the bug may be fixed already in master.

but you can try to remove the account and rerun account setup. This sometimes helps.

hi the change is not yet included in an official build of k9. therefor i have created an debug build for you:

http://stinkt.kicks-ass.org/K9-debug.apk

you have to point your android browser to this url and then install the k9. IMPORTANT: This version can't be updated, nor used beside the market version. So you HAVE TO remove the installed version befor install this apk.

Please confirm that this version works, then we can move the changes to the official version.

Comment deleted

Followed the suggested steps but still not working. See the log below

I/k9 ( 6521): Requesting gzipped data E/k9 ( 6521): Error during authentication: javax.net.ssl.SSLException: Not trusted server certificate E/k9 ( 6521): Stack: javax.net.ssl.SSLException: Not trusted server certificate E/k9 ( 6521): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:382) E/k9 ( 6521): at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:92) E/k9 ( 6521): at org.apache.http.conn.ssl.SSLSocketFactory.createSocket(SSLSocketFactory.java:381) E/k9 ( 6521): at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:164) E/k9 ( 6521): at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:164) E/k9 ( 6521): at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:119) E/k9 ( 6521): at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:348) E/k9 ( 6521): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:555) E/k9 ( 6521): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:487) E/k9 ( 6521): at com.fsck.k9.mail.store.WebDavStore$WebDavHttpClient.executeOverride(WebDavStore.java:2366) E/k9 ( 6521): at com.fsck.k9.mail.store.WebDavStore.authenticate(WebDavStore.java:590) E/k9 ( 6521): at com.fsck.k9.mail.store.WebDavStore.sendRequest(WebDavStore.java:953) E/k9 ( 6521): at com.fsck.k9.mail.store.WebDavStore.processRequest(WebDavStore.java:1031) E/k9 ( 6521): at com.fsck.k9.mail.store.WebDavStore.processRequest(WebDavStore.java:1006) E/k9 ( 6521): at com.fsck.k9.mail.store.WebDavStore.access$500(WebDavStore.java:63) E/k9 ( 6521): at com.fsck.k9.mail.store.WebDavStore$WebDavFolder.getMessageCount(WebDavStore.java:1224) E/k9 ( 6521): at com.fsck.k9.mail.store.WebDavStore$WebDavFolder.getMessageCount(WebDavStore.java:1238) E/k9 ( 6521): at com.fsck.k9.controller.MessagingController.synchronizeMailboxSynchronous(MessagingController.java:942) E/k9 ( 6521): at com.fsck.k9.controller.MessagingController.access$400(MessagingController.java:81) E/k9 ( 6521): at com.fsck.k9.controller.MessagingController$8.run(MessagingController.java:823) E/k9 ( 6521): at com.fsck.k9.controller.MessagingController.run(MessagingController.java:276) E/k9 ( 6521): at java.lang.Thread.run(Thread.java:1096) E/k9 ( 6521): Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: TrustAnchor for CertPath not found. E/k9 ( 6521): at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:168) E/k9 ( 6521): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:377) E/k9 ( 6521): ... 21 more E/k9 ( 6521): Caused by: java.security.cert.CertPathValidatorException: TrustAnchor for CertPath not found. E/k9 ( 6521): at org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi.engineValidate(PKIXCertPathValidatorSpi.java:149) E/k9 ( 6521): at java.security.cert.CertPathValidator.validate(CertPathValidator.java:202) E/k9 ( 6521): at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:164) E/k9 ( 6521): ... 22 more E/k9 ( 6521): synchronizeMailbox E/k9 ( 6521): com.fsck.k9.mail.MessagingException: Error during authentication E/k9 ( 6521): at com.fsck.k9.mail.store.WebDavStore.authenticate(WebDavStore.java:613) E/k9 ( 6521): at com.fsck.k9.mail.store.WebDavStore.sendRequest(WebDavStore.java:953) E/k9 ( 6521): at com.fsck.k9.mail.store.WebDavStore.processRequest(WebDavStore.java:1031) E/k9 ( 6521): at com.fsck.k9.mail.store.WebDavStore.processRequest(WebDavStore.java:1006) E/k9 ( 6521): at com.fsck.k9.mail.store.WebDavStore.access$500(WebDavStore.java:63) E/k9 ( 6521): at com.fsck.k9.mail.store.WebDavStore$WebDavFolder.getMessageCount(WebDavStore.java:1224) E/k9 ( 6521): at com.fsck.k9.mail.store.WebDavStore$WebDavFolder.getMessageCount(WebDavStore.java:1238) E/k9 ( 6521): at com.fsck.k9.controller.MessagingController.synchronizeMailboxSynchronous(MessagingController.java:942) E/k9 ( 6521): at com.fsck.k9.controller.MessagingController.access$400(MessagingController.java:81) E/k9 ( 6521): at com.fsck.k9.controller.MessagingController$8.run(MessagingController.java:823) E/k9 ( 6521): at com.fsck.k9.controller.MessagingController.run(MessagingController.java:276) E/k9 ( 6521): at java.lang.Thread.run(Thread.java:1096) E/k9 ( 6521): Caused by: javax.net.ssl.SSLException: Not trusted server certificate E/k9 ( 6521): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:382) E/k9 ( 6521): at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:92) E/k9 ( 6521): at org.apache.http.conn.ssl.SSLSocketFactory.createSocket(SSLSocketFactory.java:381) E/k9 ( 6521): at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:164) E/k9 ( 6521): at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:164) E/k9 ( 6521): at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:119) E/k9 ( 6521): at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:348) E/k9 ( 6521): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:555) E/k9 ( 6521): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:487) E/k9 ( 6521): at com.fsck.k9.mail.store.WebDavStore$WebDavHttpClient.executeOverride(WebDavStore.java:2366) E/k9 ( 6521): at com.fsck.k9.mail.store.WebDavStore.authenticate(WebDavStore.java:590) E/k9 ( 6521): ... 11 more E/k9 ( 6521): Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: TrustAnchor for CertPath not found. E/k9 ( 6521): at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:168) E/k9 ( 6521): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:377) E/k9 ( 6521): ... 21 more E/k9 ( 6521): Caused by: java.security.cert.CertPathValidatorException: TrustAnchor for CertPath not found. E/k9 ( 6521): at org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi.engineValidate(PKIXCertPathValidatorSpi.java:149) E/k9 ( 6521): at java.security.cert.CertPathValidator.validate(CertPathValidator.java:202) E/k9 ( 6521): at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:164) E/k9 ( 6521): ... 22 more E/k9 ( 6521): Failed synchronizing folder Firstsource :INBOX @ Tue Sep 27 06:29:21 GMT+01:00 2011 I/k9 ( 6521): AutoSync help is available, autoSync =

please us the "attach a file" link below the comment box (only visable when it has the focus) in the future.

is it possible to provide me an test account on the server?

Sorry about pasting long log, in fact I wasn't able to attach text file for some reason. It will be very difficult as I don't work in IT department and getting approval for test account will be hard to justify. I can try to find out answers for your questions, though. Also, on my iphone when the server address gets changed to ukmail.xxxx.com. automatically although i enter ukroh.xxxxxx.com, just thought of sharing with you

hmm another server name may be the cause of the trouble because an ssl certificate belongs to one hostname. Did you try entering the 2nd one? (that was automaticaly changed on the iphone) Does it work on the iphone (same server, same settings) ?

Yes, I tried but no luck. We are given iPhones for work instead of blackberries. And it emails work with no problem at all.

can you please try setting encryption to "if available" and to no encryption at all.

Tried both options still not working. It doesn't ask to accept the certificate under these two options.

same error message in the logs? Even if you select to encryption?

If I select no encryption/ if available then I don't even get the option to accept the certificate. In the it isn't able to check the settings. On selecting encryption it is giving the same error - invalid certificate path. I also tried the IP address but no luck. One more point if give IP address of the other server ukmail.xxxxxxx.com then it goes into a loop and keeps on asking me to accept certificate, pop message will stop only once I reject the certificate, not sure if this is of any help.

hmm sounds strange (the repeated dialogs) can you please record a debug log while creating your accounts? Maybe there is a problem storing the certificate. (please attach the log)

Did you guys were able to find out the solution because i have installed K-9 today only & find the same error.

same error here with smtp setting

is this still an issue with the newest developer version? (4.1xx)

please report a debug log: https://github.com/k9mail/k-9/wiki/LoggingErrors

I have had this issue on K-9 ever since I switched away from plain text passwords. I love K-9 but can't use it because of this.

I was hoping it'd be fixed in version 4.200 but it persists.

My mailserver is on a VPS with a self-signed certificate. I connect fine in/out with SSL on Thunderbird, Outlook, Evolution, and the (horrible) stock Android mail. I only get this problem with K-9 and haven't been able to use it for 3 years. I really really want to use it again :-)

I've uninstalled and re-installed K-9. Removed and re-added the account, it happens every time:

I set the fetching mail settings to connect via SSL, I get the unrecognized certificate warning, accept the certificate anyway, and K-9 fetches the mail fine.

Then, set the sending mail settings to connect via SSL, complete the setup, but then it gets the java.security.cert error and is unable to send messages.

I can reset the outgoing mail settings again (using SSL) and then it will send the messages, BUT, now I get the error when fetching messages. Apparently K-9 will only use a self-signed SSL cert for sending or receiving, but not both simultaneously. Game over, return to stock Android email app :-(

Log file in .txt attached, starts where I compose the test message, on through all the errors.

Please help. I love K-9 and miss it so dearly!!! :-)

can you post the results of: openssl s_client -connect :

If you don't have openssl installed you can just post the hostname + port.

Can you also post an debug log while setting up your account? Maybe there is some problem while accepting the cert at account setup.

Attached are the openssl command results, and also the log from the Android when setting up the account.

Thanks for any help you can provide.

the problem is that your imaps and your smtps certifcate don't match. we store the certs with their CN. So if the CN is the same but the cert is different we get a problem.

The fix is complexe and breaks backward compability so we can't apply it. I know this does not sound good :/ there is some missing feature which is an blocker on this issue, but i can't give you an timetable when this missing part is addressed.

I fear the only thing you can do about this is to change your smtps cert to be the same as your imaps cert.

@internalremark: switch to https://github.com/ge0rg/MemorizingTrustManager

Thank you.

With regards to changing smtps cert to be same as imaps cert, will K-9 work if these are self-signed certificates generated by my WHM VPS?

i use self-signed certs on my server too. Works without problems

Wow. bernhard... you figured it out!!!! :-)

I was connecting to two different servers (one for in and one for out). With your advice above, I connected to the same server address for in and out, and hooray! IT WORKED!

I can finally use K-9 again, and securely!

THANK YOU, THANK YOU, THANK YOU!!!

doh!

I spoke too soon (this has happened before regarding this issue) ....It is NOT working. Still getting java.security errors.

Log file attached...

Been going through this for 3 years, but this is the first time I actually included log files.....I hope it can get resolved.

(just a thought - would Push have any factor here?)

Thanks for any help

you have to do openssl s_client -connect :

for both your imaps and your smtps port (as configured in k9) from the output you have to compare the BEGIN CERTIFICATE part. They should math (1:1). i don't see any additional info in the logs. I guess the problem are the different certs on imap and smtp.

i did a quick check and the certs seem not to match on your server.

and push should not make an difference here.

By the way: If you configure k9 to SSL (if available) it will use ssl but not check the certificate at all.

So you may be attacked with man-in-the-middle ssl - but eavesdropping without MITM is not possible,

What do you mean by "you have to do openssl s_client -connect :"?? Is this something I need to set on my android or on my mailserver or in k-9?

i guess you already executed the command? http://code.google.com/p/k9mail/issues/detail?id=3716#c22

Maybe i mixed up the bugreport so: openssl is an linux utlity command to check server ssl responses. If you have never heard of this, it would be better to mail me your servername + the port you use for imap and the port you use for smtps. I can then check it on myself.

the command basically shows you the public certificate the server announces. And it's important that they are the same for smtp and for imap. Usually there is a seperate daemon for smtp and for imap in linux, therefor it's not unlikely that you configured different certs.

On my device, I connect via port 993 (fetching mail) and port 465 for outgoing.

I've run the openssl s_client -connect command (in bash, on Linux) and this time I ran it for port 993 and port 465. Results attached here...

as you can see in your attached file the certificates don't match (the ----BEGIN CERTIFICATE----- is relevant)

If you certificates have the same CommonName (CN) but are not the same, k9 does not recognize that these are different certs and only stores one.

The fix for k9 is pretty complicated and may need month (this problem is known since some time). You can configure your server to use the same certificate for imap (fetching) and smtp (outgoing)

YES!

This is resolved. I had mismatched certs on my in/out mailserver. I changed it to use same cert and this works. Whew!

This took me 3 years to figure out! :-) Thank you bernhard...

Happy K-9 user here!

Can you disbribe how this can be solved? Step by step please .... Tnx

In my case, the mail server I use was issuing a separate self-signed SSL certificate for incoming and outgoing handshakes.

I contacted my host and had them set the same cert for in/out at my mailserver. Then I re-installed the account on K-9 and it's working in/out with "SSL Always" checked for both.

There was a process (in the thread above) where I queried my server to confirm there were 2 different SSL certs (one for the imap and one for the smtp). You should probably start there.

Use a command line and enter: openssl s_client -connect :

Replace with your mailserver address and with your incoming server SSL port.

Then repeat the same command but use the outgoing mail port for to compare the output.

If you don't have openssl installed you can just post the hostname + port of your mailserver and I can show you the output.

Issue 5947 has been merged into this issue.

I having the same issue with my K-9 mail client (latest version as date of this post) running on Samsung Galaxy note 2. I checked the certificate of oncoming & outgoing server & ports and compared they are the same !!

Incoming server: mail.difikra.com:993 Outgoing server: mail.difikra.com:465

Any ideas?