Revision history [back]

Hi folks

I am having problems with my digital certificates. 22 days ago my email accounts stopped working. When trying to sync my mail I get asked to check the certificate.

The server in question (mail.your-server.de) with TLS (port 993), presents a certificate from DigiCert (CN = RapidSSL TLS RSA CA G1) which in turn refers to CN = DigiCert Global Root G2 as the root certificate.

The DigiCert Global Root G2 is among those listed at the Sailfish certificate manager.

When comparing the public signatures of the two, I find for some reason that the one in the Sailfish OS version of the signature has "00:" prefixed to its value, whereas the one in Firefox on my laptop does not. Otherwise, they seem similar.

I installed openssl on my jolla as suggested in this thread. The one-liner

openssl s_client -showcerts -connect mail.your-server.de:993

returns

CONNECTED(00000003)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
verify return:1
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = RapidSSL TLS RSA CA G1
verify return:1
depth=0 CN = *.your-server.de
verify return:1

...

This is the same result I get when running the same command on my laptop.

I have also tried to delete the account and re-establish it as suggested in this thread. No dice - still asks me to check certificate.

I don't want to disable certificate validity check. It has worked flawlessly in the past and as far as I can tell, it still should.

Suggestions ?

Hi folks

I am having problems with my digital certificates. 22 days ago On 2018-06-03 my email accounts stopped working. When trying to sync my mail I get asked to check the certificate.

The server in question (mail.your-server.de) with TLS (port 993), presents a certificate from DigiCert (CN = RapidSSL TLS RSA CA G1) which in turn refers to CN = DigiCert Global Root G2 as the root certificate.

The DigiCert Global Root G2 is among those listed at the Sailfish certificate manager.

When comparing the public signatures of the two, I find for some reason that the one in the Sailfish OS version of the signature has "00:" prefixed to its value, whereas the one in Firefox on my laptop does not. Otherwise, they seem similar.

I installed openssl on my jolla as suggested in this thread. The one-liner

openssl s_client -showcerts -connect mail.your-server.de:993

returns

CONNECTED(00000003)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
verify return:1
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = RapidSSL TLS RSA CA G1
verify return:1
depth=0 CN = *.your-server.de
verify return:1

...

This is the same result I get when running the same command on my laptop.

I have also tried to delete the account and re-establish it as suggested in this thread. No dice - still asks me to check certificate.

I don't want to disable certificate validity check. It has worked flawlessly in the past and as far as I can tell, it still should.

Hi folks

I am having problems with my digital certificates. On 2018-06-03 my email accounts stopped working. When trying to sync my mail I get asked to check the certificate.

The server in question (mail.your-server.de) with TLS (port 993), presents a certificate from DigiCert (CN = RapidSSL TLS RSA CA G1) which in turn refers to CN = DigiCert Global Root G2 as the root certificate.

The DigiCert Global Root G2 is among those listed at the Sailfish certificate manager.

When comparing the public signatures of the two, I find for some reason that the one in the Sailfish OS version of the signature has "00:" prefixed to its value, whereas the one in Firefox on my laptop does not. Otherwise, they seem similar.

I installed openssl on my jolla as suggested in this thread. The one-liner

openssl s_client -showcerts -connect mail.your-server.de:993

returns

CONNECTED(00000003)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
verify return:1
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = RapidSSL TLS RSA CA G1
verify return:1
depth=0 CN = *.your-server.de
verify return:1

...

This is the same result I get when running the same command on my laptop.

I have also tried to delete the account and re-establish it as suggested in this thread. No dice - still asks me to check certificate.

I don't want to disable certificate validity check. It has worked flawlessly in the past and as far as I can tell, it still should.

EDIT (2018-12-11)

This one is still relevant as of Sailfish 3.0. I have tried to delete the mail account from Jolla (Settings app -> Accounts -> select account -> drop down -> delete account) after which I tried to create it again. It fails with the message that the certificate validation fails, and that I need to allow all untrusted certificates if I want to access that account.

It is still not in my best interest to disable validation of certificates against trusted sources.

Will someone from Sailfish please look into this? I have been unable to access my personal mail account on my Jolla for over 6 months now.

Hi folks

I am having problems with my digital certificates. On 2018-06-03 my email accounts stopped working. When trying to sync my mail I get asked to check the certificate.

The server in question (mail.your-server.de) with TLS (port 993), presents a certificate from DigiCert (CN = RapidSSL TLS RSA CA G1) which in turn refers to CN = DigiCert Global Root G2 as the root certificate.

The DigiCert Global Root G2 is among those listed at the Sailfish certificate manager.

When comparing the public signatures of the two, I find for some reason that the one in the Sailfish OS version of the signature has "00:" prefixed to its value, whereas the one in Firefox on my laptop does not. Otherwise, they seem similar.

I installed openssl on my jolla as suggested in this thread. The one-liner

openssl s_client -showcerts -connect mail.your-server.de:993

returns

CONNECTED(00000003)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
verify return:1
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = RapidSSL TLS RSA CA G1
verify return:1
depth=0 CN = *.your-server.de
verify return:1

...

This is the same result I get when running the same command on my laptop.

I have also tried to delete the account and re-establish it as suggested in this thread. No dice - still asks me to check certificate.

I don't want to disable certificate validity check. It has worked flawlessly in the past and as far as I can tell, it still should.

EDIT (2018-12-11)

This one is still relevant as of Sailfish 3.0. I have tried to delete the mail account from Jolla (Settings app -> Accounts -> select account -> drop down -> delete account) after which I tried to create it again. It fails with the message that the certificate validation fails, and that I need to allow all untrusted certificates if I want to access that account.

It is still not in my best interest to disable validation of certificates against trusted sources.

Will someone from Sailfish please look into this? I have been unable to access my personal mail account on my Jolla for over 6 months now.

Hi folks

I am having problems with my digital certificates. On 2018-06-03 my email accounts stopped working. When trying to sync my mail I get asked to check the certificate.

The server in question (mail.your-server.de) with TLS (port 993), presents a certificate from DigiCert (CN = RapidSSL TLS RSA CA G1) which in turn refers to CN = DigiCert Global Root G2 as the root certificate.

The DigiCert Global Root G2 is among those listed at the Sailfish certificate manager.

When comparing the public signatures of the two, I find for some reason that the one in the Sailfish OS version of the signature has "00:" prefixed to its value, whereas the one in Firefox on my laptop does not. Otherwise, they seem similar.

I installed openssl on my jolla as suggested in this thread. The one-liner

openssl s_client -showcerts -connect mail.your-server.de:993

returns

CONNECTED(00000003)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
verify return:1
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = RapidSSL TLS RSA CA G1
verify return:1
depth=0 CN = *.your-server.de
verify return:1

...

This is the same result I get when running the same command on my laptop.

I have also tried to delete the account and re-establish it as suggested in this thread. No dice - still asks me to check certificate.

I don't want to disable certificate validity check. It has worked flawlessly in the past and as far as I can tell, it still should.

EDIT (2018-12-11)

This one is still relevant as of Sailfish 3.0. I have tried to delete the mail account from Jolla (Settings app -> Accounts -> select account -> drop down -> delete account) after which I tried to create it again. It fails with the message that the certificate validation fails, and that I need to allow all untrusted certificates if I want to access that account.

It is still not in my best interest to disable validation of certificates against trusted sources.

Will someone from Sailfish please look into this? I have been unable to access my personal mail account on my Jolla for over 6 months now.

EDIT (2019-09-01)

We are now well past the anniversary for the reporting of this bug. Running v 3.1.0.11. Mail application still fails to fetch mail with the error message "Check certificate".

Hi folks

I am having problems with my digital certificates. On 2018-06-03 my email accounts stopped working. When trying to sync my mail I get asked to check the certificate.

The server in question (mail.your-server.de) with TLS (port 993), presents a certificate from DigiCert (CN = RapidSSL TLS RSA CA G1) which in turn refers to CN = DigiCert Global Root G2 as the root certificate.

The DigiCert Global Root G2 is among those listed at the Sailfish certificate manager.

When comparing the public signatures of the two, I find for some reason that the one in the Sailfish OS version of the signature has "00:" prefixed to its value, whereas the one in Firefox on my laptop does not. Otherwise, they seem similar.

I installed openssl on my jolla as suggested in this thread. The one-liner

openssl s_client -showcerts -connect mail.your-server.de:993

returns

CONNECTED(00000003)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
verify return:1
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = RapidSSL TLS RSA CA G1
verify return:1
depth=0 CN = *.your-server.de
verify return:1

...

This is the same result I get when running the same command on my laptop.

I have also tried to delete the account and re-establish it as suggested in this thread. No dice - still asks me to check certificate.

I don't want to disable certificate validity check. It has worked flawlessly in the past and as far as I can tell, it still should.

EDIT (2018-12-11)

This one is still relevant as of Sailfish 3.0. I have tried to delete the mail account from Jolla (Settings app -> Accounts -> select account -> drop down -> delete account) after which I tried to create it again. It fails with the message that the certificate validation fails, and that I need to allow all untrusted certificates if I want to access that account.

It is still not in my best interest to disable validation of certificates against trusted sources.

Will someone from Sailfish please look into this? I have been unable to access my personal mail account on my Jolla for over 6 months now.

EDIT (2019-09-01)

We are now well past the anniversary for the reporting of this bug. Running v 3.1.0.11. Mail application still fails to fetch mail with the error message "Check certificate".

openssl s_client -showcerts -connect mail.your-server.de:993
CONNECTED(00000003)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
verify return:1
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = Thawte TLS RSA CA G1
verify return:1
depth=0 CN = *.your-server.de
verify return:1

...