Kristopher Kolpin <[email protected]> writes:
> Certificates from Let's Encrypt are cross-signed by Digital Signature
> Trust Co. (DST root CA X3). The DST certificate is present in my
> Android 6.0.1 credential store by default. However, K-9 mail does not
> recognize the Let's Encrypt certificate and produces an error. I can
> accept the certificate anyways but it pops up every once in a while.
> Does K-9 mail not properly recognize cross-signed certificates?

When there is a CA in the trust anchor set, and a server cert issued by some CA not in the trust anchor set, generally the server should transmit not only their end-system cert but any chain certs needed to validate from the default trust anchor set. I am not clear on Let's Encrypt; my impression is that one needs a chain cert from someplace on some systems, and on newer systems or some systems, the Let's Encrypt root is present. Which is a long way of asking if your mail server is presenting the chain cert needed from DST?
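The chain-certificate question raised in the reply can be reproduced offline. The script below is an added example, not part of the original thread: it builds a constructed three-level PKI (the names "Demo Root", "Demo Intermediate" and mail.example.test are assumptions standing in for the trust anchor, the intermediate and the mail server) and verifies the server certificate with and without the intermediate supplied.

```shell
#!/bin/sh
# Constructed demo PKI (not real Let's Encrypt or DST material):
#   "Demo Root" (the only trust anchor) -> "Demo Intermediate" -> mail.example.test
set -eu

make_demo_pki() {  # $1 = working directory; writes root.pem, int.pem, leaf.pem
  d=$1
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > "$d/ca.ext"
  printf 'basicConstraints=CA:FALSE\n' > "$d/leaf.ext"
  # Self-signed root: stands in for the CA already in the client's credential store.
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo Root" \
    -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
  # Intermediate signed by the root: the "chain cert" the reply asks about.
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Demo Intermediate" \
    -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -days 2 -extfile "$d/ca.ext" -out "$d/int.pem" 2>/dev/null
  # Server certificate signed by the intermediate, not by the root.
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=mail.example.test" \
    -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
    -CAcreateserial -days 2 -extfile "$d/leaf.ext" -out "$d/leaf.pem" 2>/dev/null
}

# $1 = trust anchors, $2 = server cert, $3 = chain certs the server sent (optional).
# -untrusted marks $3 as path-building material only, never as a trust anchor.
chain_verifies() {
  if [ -n "${3:-}" ]; then
    openssl verify -CAfile "$1" -untrusted "$3" "$2" >/dev/null 2>&1
  else
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
  fi
}

demo() {
  tmp=$(mktemp -d)
  make_demo_pki "$tmp"
  if chain_verifies "$tmp/root.pem" "$tmp/leaf.pem"; then echo "leaf only: OK"
  else echo "leaf only: FAIL (issuer not in trust anchors and not sent)"; fi
  if chain_verifies "$tmp/root.pem" "$tmp/leaf.pem" "$tmp/int.pem"; then echo "leaf + chain: OK"
  else echo "leaf + chain: FAIL"; fi
  rm -rf "$tmp"
}
demo
```

To see which certificates a live mail server actually transmits, `openssl s_client -showcerts -connect <host>:<port>` prints every certificate in the handshake.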
