I am trying to connect an AquaMail on my phone (Sprint Samsung Note 4, stock rooted, Android OS 5.0.1) to my email server (IMAP) using SSL. When I try this, I get the following error message:
Incoming mail server (IMAP): Invalid security (SSL) certificate. java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
The server to which I am trying to connect is my own VPS. I do have a wild card certificate installed on the site and I believe it is installed properly. I say this because of the report I generated on ssllabs.com/ssltest (for both <domain> and mail.<domain>):
• Certificate: 100%
• Protocol Support: 95%
• Key Exchange: 90%
• Cipher Strength: 90%
Two certification paths are shown: mail.mydomain.com -> StartCom Class 2 Primary Intermediate Server CA -> StartCom Certification Authority (one path shows this with SHA1withRSA and the other shows SHA256withRSA).
Looking at the Handshake Simulation section, it clearly shows that Android 5.0.0 functions properly, but is also shows that Java 7u25 has a 'protocol or cipher suite mismatch'. This same warning shows up for other, deprecated systems and is probably due to my having turned off older, insecure access protocols.
Can anyone suggest an approach for solving this problem (and not working around it by, for example, allowing all certificate or not using secure protocols).
Thank you.