X
Tap here to go to the mobile version of the site.

Support Forum

FxOS: eMail app reports invalid server-certificate - impossible to configure mail-accs

Posted

I tried to configure 2 different mail accounts without success. in both cases it reports, that it can't establish a secure connection, because the server-certificate is invalid. one is my mail account from university and the other the account from a custom domain. in thunderbird all works well.

I tried to configure 2 different mail accounts without success. in both cases it reports, that it can't establish a secure connection, because the server-certificate is invalid. one is my mail account from university and the other the account from a custom domain. in thunderbird all works well.

Additional System Details

Application

  • User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0

More Information

eyome 0 solutions 31 answers

Helpful Reply

What kind of email you have? Gmail, Outlook, other? What kind of certificate?

What kind of email you have? Gmail, Outlook, other? What kind of certificate?

Helpful Reply

as I said: "one is my mail account from university and the other the account from a custom domain."

I don't know what the matter with the server certificates is at university. And my private domain, hostet by a reasonable big provider, surely uses also valid certificates.

I don't use google or microsoft services for a reason and prefer for instance FxOS over their OS.

There should be an option to overrule the mailclients judgment, that the certificate isn't valid.

Right now FxOS prohibits many, many users from using mail on their phone!

as I said: "one is my mail account from university and the other the account from a custom domain." I don't know what the matter with the server certificates is at university. And my private domain, hostet by a reasonable big provider, surely uses also valid certificates. I don't use google or microsoft services for a reason and prefer for instance FxOS over their OS. There should be an option to overrule the mailclients judgment, that the certificate isn't valid. Right now FxOS prohibits many, many users from using mail on their phone!

Question owner

More info on universities certifivates: https://www.rz.uni-augsburg.de/service/zertifikate/wurzelzertifikate/

Question owner

we really need to have the ability to import certificates.

do you want normal users to do that: http://www.pending.io/add-cacert-root-certificate-to-firefox-os/ to solve this?

by now lots of users are unable to use their mail!

we really need to have the ability to import certificates. do you want normal users to do that: http://www.pending.io/add-cacert-root-certificate-to-firefox-os/ to solve this? by now lots of users are unable to use their mail!
SHOBLE THOMAS 13 solutions 184 answers

I think your date and time of your phone is incorrect.so that invalid server message is comming

I think your date and time of your phone is incorrect.so that invalid server message is comming

Question owner

drummershob said

I think your date and time of your phone is incorrect.so that invalid server message is comming

how correct has it to be? I checked and at least year, month, day, hour and minute are correct ;-). I wonder, whether you really read my question!? already identified the problem: it's the unability to add certificates without diving into hacking meassures.

''drummershob [[#answer-767622|said]]'' <blockquote> I think your date and time of your phone is incorrect.so that invalid server message is comming </blockquote> how correct has it to be? I checked and at least year, month, day, hour and minute are correct ;-). I wonder, whether you really read my question!? already identified the problem: it's the unability to add certificates without diving into hacking meassures.

Modified by rivaldo

SHOBLE THOMAS 13 solutions 184 answers

Certificate exceptions are a system-level issue that should be addressed outside the email app. Bug 867899 and bug 769183 are existing bugs that deal with the issue, although there may exist other bugs or other bugs may need to be filed.

If during the implementation of system support for certificate exceptions it's deemed appropriate (and not too risky) to provide a means for applications to help inform such a process, it is worth considering this during email app account setup informed by the ISP database.

The canonical statement on this can be found on comment 59.

A useful discussion thread can be found on the dev.platform list at https://groups.google.com/d/msg/mozilla.dev.platform/lT4Mhi-B1JI/KxrrfSq-G4YJ

Discussion of certificate exceptions are best suited to the dev-gaia list (https://www.mozilla.org/about/forums/#dev-gaia) or the dev-b2g list (https://www.mozilla.org/about/forums/#dev-b2g).

Currently available "workarounds" are to: - Get a valid certificate. StartCom provides free certificates for non-commercial use at https://www.startssl.com/?app=1 and certificates in general are quite cheap. (This actually addresses the problem so isn't really a workaround.) - Manually import a certificate from the command line: https://groups.google.com/forum/#!msg/mozilla.dev.b2g/B57slgVO3TU/G5TA-PiFI_EJ - Use the browser app to add a certificate exception. This should definitely work for ActiveSync, it may work for IMAP/SMTP/POP3 if the same certificate is hosted at the same domain name on the https port.

Certificate exceptions are a system-level issue that should be addressed outside the email app. Bug 867899 and bug 769183 are existing bugs that deal with the issue, although there may exist other bugs or other bugs may need to be filed. If during the implementation of system support for certificate exceptions it's deemed appropriate (and not too risky) to provide a means for applications to help inform such a process, it is worth considering this during email app account setup informed by the ISP database. The canonical statement on this can be found on comment 59. A useful discussion thread can be found on the dev.platform list at https://groups.google.com/d/msg/mozilla.dev.platform/lT4Mhi-B1JI/KxrrfSq-G4YJ Discussion of certificate exceptions are best suited to the dev-gaia list (https://www.mozilla.org/about/forums/#dev-gaia) or the dev-b2g list (https://www.mozilla.org/about/forums/#dev-b2g). Currently available "workarounds" are to: - Get a valid certificate. StartCom provides free certificates for non-commercial use at https://www.startssl.com/?app=1 and certificates in general are quite cheap. (This actually addresses the problem so isn't really a workaround.) - Manually import a certificate from the command line: https://groups.google.com/forum/#!msg/mozilla.dev.b2g/B57slgVO3TU/G5TA-PiFI_EJ - Use the browser app to add a certificate exception. This should definitely work for ActiveSync, it may work for IMAP/SMTP/POP3 if the same certificate is hosted at the same domain name on the https port.