For some time now, I had a problem using the IMAP e-mail client with my own mailhost. When using unencrypted POP3 or IMAP4, everything was fine, but when I tried to use SSL to protect my password, the phone refused to establish an SSL connection. The certificate I use is self-signed. As there is no trusted CA certificate installed in my phone that certifies the authenticity of the SSL key my imapd uses, it correctly refuses the connection. But unlike desktop browsers or mail clients, it did not ask me if I wanted to trust the certificate presented but just disconnected. 🙁
So I found a solution to this on the Zimbra wiki: The way to go is to create a certificate file on a webserver and make the phone download it using its internal web-browser. The phone installs this certificate together with the root CA certificates and thus trusts the imapd when it presents a key signed by this certificate.
I tried this with my SonyEricsson K750i and it worked immediately.
Step-by-step instructions:
- Extract the certificate from the key file of imapd:
openssl x509 -outform der -in imapd.pem -out imapd.der
- Copy the output file into a directory accessible by your httpd. For simplicity, I used the server root.
- Configure your (non-SSL) httpd to provide the correct MIME type for “.der” files:
Add “application/x-x509-ca-cert der” to mime.types
- Open the browser of your phone, select “type URL” and enter:
- The phone will respond with some poorly debugged dialogs and finally end with something like “Do you want to accept the new certificate?”, select “YES”.
- Check in the internet settings of your phone whether the certificate is present and active. For my SonyEricsson K750i, it appeared in Internet Settings/Security/Root Certificates.
Since then, IMAP4 over SSL has worked as expected.
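A check worth running between the first two steps, as an added example that is not part of the original post: it repeats the conversion on a constructed throwaway key and certificate and confirms that the file bound for the web server holds the same certificate as imapd.pem and no private key. The function names, the sample subject mail.example.test and the choice of SHA-256 are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. File names follow the post
# (imapd.pem, imapd.der); the sample key and certificate are constructed.

# Build a throwaway combined certificate+key file standing in for imapd.pem.
make_sample_pem() {   # $1 = output path
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=mail.example.test" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null &&
    cat "$1.crt" "$1.key" > "$1" && rm -f "$1.key" "$1.crt"
}

# Step 1 of the post: write only the certificate, DER-encoded.
export_cert() {       # $1 = PEM input, $2 = DER output
    openssl x509 -outform der -in "$1" -out "$2"
}

# True if the file carries a PEM private key block.
has_private_key() {   # $1 = file
    grep -q -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' "$1"
}

# SHA-256 fingerprint of the certificate in a file (empty if it does not parse).
fingerprint() {       # $1 = file, $2 = pem|der
    openssl x509 -noout -fingerprint -sha256 -inform "$2" -in "$1" | cut -d= -f2
}

# True if $2 may go into the web root: no key, same certificate as in $1.
safe_to_publish() {   # $1 = PEM source, $2 = file bound for the web root
    has_private_key "$2" && return 1
    want=$(fingerprint "$1" pem)
    got=$(fingerprint "$2" der 2>/dev/null)
    [ -n "$want" ] && [ "$want" = "$got" ]
}

demo() {
    dir=$(mktemp -d) || return 1
    make_sample_pem "$dir/imapd.pem" &&
    export_cert "$dir/imapd.pem" "$dir/imapd.der" &&
    safe_to_publish "$dir/imapd.pem" "$dir/imapd.der" &&
    echo "imapd.der OK, SHA-256 $(fingerprint "$dir/imapd.der" der)"
    rc=$?; rm -rf "$dir"; return $rc
}

demo
```

Copying imapd.pem itself to the web server instead of imapd.der makes `safe_to_publish` fail, because that file still contains the private key.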