Author Topic: SSL certificate change?  (Read 6697 times)

someone

  • Sr. Member
  • ****
  • Posts: 415
SSL certificate change?
« on: July 05, 2016, 11:17:40 am »
Aquamail just put up an alert on my Gmail account. Should I be worried?

StR

  • Hero Member
  • *****
  • Posts: 1558
Re: SSL certificate change?
« Reply #1 on: July 05, 2016, 04:53:29 pm »
I've got that too this morning. It looks like Gmail changed their certificates, and Aquamail warned you as it should.
Gmail does it every so often. (More often than others, as it seems to me, which confuses users.)

someone

  • Sr. Member
  • ****
  • Posts: 415
Re: SSL certificate change?
« Reply #2 on: July 05, 2016, 06:01:31 pm »
Thank you. Did it. I guess it is not a concern. Correct?

StR

  • Hero Member
  • *****
  • Posts: 1558
Re: SSL certificate change?
« Reply #3 on: July 05, 2016, 06:58:08 pm »
You may disable the SSL certificate change check. It's somewhere in the settings, in App settings-> Network, I think.

I wouldn't recommend that.
Certificates are there for a reason, not just to annoy you. Because one day you'll have a man-in-the-middle attack while on some random wi-fi network, and someone (not this someone but someone else, a perpetrator ;-) ) will snatch your password.
Certificate verification makes sure that Aquamail is talking to the server directly, and that communication (including the login/password) is not intercepted.
Circumventing that defeats the security.

The correct approach is exactly what someone did: to verify that the change in the certificate is legitimate. And then approve and continue using the app.
(The option to disable this should be used only in rare cases while the servers are undergoing some maintenance/transition, and only as a temporary measure.)

Update:
Someone:  For more details on this issue, please read this FAQ item:
http://www.aqua-mail.com/?page_id=227
'SSL certificate change', Gmail and others
« Last Edit: July 05, 2016, 08:04:43 pm by StR »

Kostya Vasilyev

  • Hero Member
  • *****
  • Posts: 12740
Creating debug logs for diagnostics: https://www.aqua-mail.com/troubleshooting/

The official FAQ: https://www.aqua-mail.com/faq/

Log files for diagnostics: https://www.aqua-mail.com/ru/troubleshooting/

Questions and answers: https://www.aqua-mail.com/ru/faq/

someone

  • Sr. Member
  • ****
  • Posts: 415
Re: SSL certificate change?
« Reply #5 on: July 05, 2016, 10:22:34 pm »
Thank you Kostya.

someone

  • Sr. Member
  • ****
  • Posts: 415
Re: SSL certificate change?
« Reply #6 on: July 05, 2016, 10:26:17 pm »
I've got that too this morning. It looks like Gmail changed their certificates, and Aquamail warned you as it should.
Gmail does it every so often. (More often than others, as it seems to me, which confuses users.)
So, is it legit?

Thank you.
« Last Edit: July 05, 2016, 10:28:19 pm by someone »

StR

  • Hero Member
  • *****
  • Posts: 1558
Re: SSL certificate change?
« Reply #7 on: July 05, 2016, 11:41:42 pm »
I've got that too this morning. It looks like Gmail changed their certificates, and Aquamail warned you as it should.
Gmail does it every so often. (More often than others, as it seems to me, which confuses users.)
So, is it legit?

Thank you.
Not being a Google insider, I cannot speak for them.

My logic is simple: Two users (you and I) on two different networks (and I trust mine with 99.95% certainty) have received this change of certificate on the same day. The fact that we are on two different networks gives minimum probability that our providers got hacked at the same time with the same goal of MITM attack on Gmail servers. Also, since we are using different DNS servers, it is very unlikely there was injection of spoofed IP addresses for Gmail servers.
So, it leaves two possibilities: Either Google servers have been hacked (DNS servers or mail servers), or the change of the certificates was legitimate.
If Google servers were hacked, that news would be everywhere.

Thus, I conclude with a very high certainty that the change of the certificates was legitimate.

Kostya Vasilyev

  • Hero Member
  • *****
  • Posts: 12740
Re: SSL certificate change?
« Reply #8 on: July 06, 2016, 08:04:51 pm »
Well -- to be sure -- it is best to compare the signatures (hashes) of the new certs, from AquaMail's "cert change", with other users... The information is there, but then perhaps not everyone always posts those hashes on the Internet... :)

StR

  • Hero Member
  • *****
  • Posts: 1558
Re: SSL certificate change?
« Reply #9 on: July 06, 2016, 09:35:03 pm »
Exactly!
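
Added example (not part of the original thread and not AquaMail code): one way to do the comparison suggested in Reply #8, checking the certificate your own connection received against fingerprints other users posted. It assumes the posted values are SHA-1 or SHA-256 hex fingerprints; the function names, the sample bytes and the sample reports are constructed for illustration.

```python
import hashlib
import hmac
import re
import ssl

# Assumption: reports are SHA-1 (40 hex digits) or SHA-256 (64 hex digits).
ALGO_BY_HEX_LEN = {40: "sha1", 64: "sha256"}

def normalize(reported):
    """Strip separators and case from a posted fingerprint -> (algo, hex)."""
    hexstr = re.sub(r"[\s:-]", "", reported).lower()
    if not re.fullmatch(r"[0-9a-f]+", hexstr) or len(hexstr) not in ALGO_BY_HEX_LEN:
        raise ValueError(f"not a SHA-1/SHA-256 fingerprint: {reported!r}")
    return ALGO_BY_HEX_LEN[len(hexstr)], hexstr

def compare_reports(der, reports):
    """Per reporter: True (match), False (differs), None (unparseable)."""
    results = {}
    for who, text in reports.items():
        try:
            algo, hexstr = normalize(text)
        except ValueError:
            results[who] = None
            continue
        local = hashlib.new(algo, der).hexdigest()
        results[who] = hmac.compare_digest(local, hexstr)
    return results

def verdict(results):
    usable = [m for m in results.values() if m is not None]
    if not usable:
        return "no-evidence"
    return "consistent" if all(usable) else "MISMATCH"

def fetch_der(host, port=993):
    """Certificate the server presents on this network (IMAPS port assumed)."""
    return ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, port)))

if __name__ == "__main__":
    der = b"constructed stand-in for DER certificate bytes"  # not a real cert
    h = hashlib.sha256(der).hexdigest()
    reports = {  # constructed forum replies
        "user_a": ":".join(h[i:i + 2] for i in range(0, 64, 2)).upper(),
        "user_b": hashlib.sha1(der).hexdigest(),
        "user_c": "didn't write it down",
    }
    results = compare_reports(der, reports)
    print(results, verdict(results))
```

Following the reasoning in Reply #7, a matching report only counts as evidence when it was collected on a different network from the one being checked.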