AquaMail Forum

English - Android => General Discussion => Topic started by: Nevs on March 20, 2017, 12:03:10 am

Title: Suddenly impossible to synchronize my inbox with Freenet.de
Post by: Nevs on March 20, 2017, 12:03:10 am
Dear AquaMail specialists,

it is not possible for me to synchronize my freenet mail account with AquaMail (to check wether there are new mails ) since 06.03.2017. I never changed the account data i. e. I left it as before. If I’m gonna to synchronize, AquaMail always gives me a message like that in German: “Fehler Nachrichten werden synchronisiert: Ungültiges Sicherheitszertifikat (SSL): java.security.cert.CertPathValidatorException: Trust anchor for certification path not found..". I try to translate the German words as follows: “Error while Messages will be synchronized: Invalid security certificate (SSL): …” Sending messages via AquaMail is o. k.

Account settings in AquaMail:
Server-Type: IMAP
Servername: mx.freenet.de
Authentication type: STARTTLS (streng)
Server-Port: 143

SMTP-Server-Name: mx.freenet.de
Authentication type: STARTTLS (streng)
Server-Port: 587

All these settings worked fine before the 6th of March 2017.
There are no problems while using an email client like Thunderbird on my PC (same settings as above)

Any ideas are welcome – I’m really despaired of it  :'(

Thank you so far.

Best regards
Nevs
Title: Re: Suddenly impossible to synchronize my inbox with Freenet.de
Post by: Nevs on March 20, 2017, 12:59:24 am
Hi Paris Geek,

Thanks a lot for your suggestions. I tried several combinations with different authentication types and ports but still no synchronisation possible.
It's a very strange thing because Freenet recommends the above settings and they did work until noon at the 6th of March!???

Best regards
Nevs
Title: Re: Suddenly impossible to synchronize my inbox with Freenet.de
Post by: Kostya Vasilyev on March 21, 2017, 08:46:33 pm
Freenet recently missed updating their SSL certs, letting them expire (a couple of weeks ago).

Now they've updated the certs, but they used as CA that some Android versions don't know about.

Please use:

Same server name

For IMAP (incoming): security SSL (accept any) and port 993
For SMTP (sending): security SSL (accept any) and port 465

The "accept any" will bypass Android not being able to validate the cert.
Title: Re: Suddenly impossible to synchronize my inbox with Freenet.de
Post by: Nevs on March 23, 2017, 02:14:38 pm
Hi Kostya,

thanks a lot for your help and explanations. Your suggestion works even if I
use STARTTLS (strong), Port 587 for SMTP?!
Btw. isn't it a little bit insecure to use "accept any"?

Best regards
Nevs
Title: Re: Suddenly impossible to synchronize my inbox with Freenet.de
Post by: Kostya Vasilyev on March 24, 2017, 10:11:13 pm
Re: Btw. isn't it a little bit insecure to use "accept any"?

Yes it is less secure than "strict" because that skips CA validation.

It was Freenet's decision to use a cert that just happens to not pass validation on older Android version, not ours.