Re: New Geotrust SSL Certificates - Broken on Android and ZD

[Matt Mencel <MR-Mencel@wiu.edu>]

For Geotrust, adding the CrossRoot cert to the chain may fix it.  We have not had a chance to test this yet.

http://code.google.com/p/android/issues/detail?id=10807
https://knowledge.geotrust.com/support/knowledge-base/index?page=content&id=AR1426&actp=search&viewlocale=en_US&searchid=1283360269668

Matt

----- Original Message -----
From: "James M. Cook" <jmcook1@mail.plymouth.edu>
To: zimbra-hied-admins@sfu.ca
Sent: Monday, November 22, 2010 1:48:33 PM
Subject: Re: New Geotrust SSL Certificates - Broken on Android and ZD

We have the same problem w/ our new Thawte cert. On HTC phones you cannot 
accept the new cert for imaps connections. Active Sync will ask you about the 
cert and allow you to accept it. Thank you HTC for creating your own e-mail 
app!

ZD has been confirmed by Zimbra and they have opened a bug.
http://bugzilla.zimbra.com/show_bug.cgi?id=53482

The root (no pun intended) of the problem for us is Thawte switching over to 
2048 certs this past summer. This has created a new chain that Android and ZD 
don't have.

James

On Sunday, November 21, 2010 2:43:49 pm Matt Mencel wrote:
> Just a warning for everyone if you're close to renewing your SSL certs...
> 
> http://www.zimbra.com/forums/administrators/44675-new-geotrust-ssl-certific
> ates-android-users.html
> 
> We just installed a new Geotrust 2048 bit cert on our Zimbra servers. 
> Android (and ZD according to the thread) does not like the new style
> certs.
> 
> Matt