AquaMail Forum
English - Android => General Discussion => Topic started by: Nevs on March 20, 2017, 12:03:10 am
-
Dear AquaMail specialists,
it is not possible for me to synchronize my freenet mail account with AquaMail (to check wether there are new mails ) since 06.03.2017. I never changed the account data i. e. I left it as before. If I’m gonna to synchronize, AquaMail always gives me a message like that in German: “Fehler Nachrichten werden synchronisiert: Ungültiges Sicherheitszertifikat (SSL): java.security.cert.CertPathValidatorException: Trust anchor for certification path not found..". I try to translate the German words as follows: “Error while Messages will be synchronized: Invalid security certificate (SSL): …” Sending messages via AquaMail is o. k.
Account settings in AquaMail:
Server-Type: IMAP
Servername: mx.freenet.de
Authentication type: STARTTLS (streng)
Server-Port: 143
SMTP-Server-Name: mx.freenet.de
Authentication type: STARTTLS (streng)
Server-Port: 587
All these settings worked fine before the 6th of March 2017.
There are no problems while using an email client like Thunderbird on my PC (same settings as above)
Any ideas are welcome – I’m really despaired of it :'(
Thank you so far.
Best regards
Nevs
-
Hi Paris Geek,
Thanks a lot for your suggestions. I tried several combinations with different authentication types and ports but still no synchronisation possible.
It's a very strange thing because Freenet recommends the above settings and they did work until noon at the 6th of March!???
Best regards
Nevs
-
Freenet recently missed updating their SSL certs, letting them expire (a couple of weeks ago).
Now they've updated the certs, but they used as CA that some Android versions don't know about.
Please use:
Same server name
For IMAP (incoming): security SSL (accept any) and port 993
For SMTP (sending): security SSL (accept any) and port 465
The "accept any" will bypass Android not being able to validate the cert.
-
Hi Kostya,
thanks a lot for your help and explanations. Your suggestion works even if I
use STARTTLS (strong), Port 587 for SMTP?!
Btw. isn't it a little bit insecure to use "accept any"?
Best regards
Nevs
-
Re: Btw. isn't it a little bit insecure to use "accept any"?
Yes it is less secure than "strict" because that skips CA validation.
It was Freenet's decision to use a cert that just happens to not pass validation on older Android version, not ours.