[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: New Geotrust SSL Certificates - Broken on Android and ZD

To: Matt Mencel <MR-Mencel@wiu.edu>
Subject: Re: New Geotrust SSL Certificates - Broken on Android and ZD
From: Doug Curtis <doug.curtis@oit.gatech.edu>
Date: Mon, 22 Nov 2010 15:13:23 -0500 (EST)
Cc: zimbra-hied-admins <zimbra-hied-admins@sfu.ca>
In-reply-to: <1844184340.16362.1290456158856.JavaMail.root@zcs10.wiu.edu>
Reply-to: Doug Curtis <doug.curtis@oit.gatech.edu>

We also had the same issue with Geotrust certs.  We added the correct intermediate CA to the CA chain file and that solved our cert errors on Android phones.

Doug

----- Original Message -----
> From: "Matt Mencel" <MR-Mencel@wiu.edu>
> To: "zimbra-hied-admins" <zimbra-hied-admins@sfu.ca>
> Sent: Monday, November 22, 2010 3:02:38 PM
> Subject: Re: New Geotrust SSL Certificates - Broken on Android and ZD
> For Geotrust, adding the CrossRoot cert to the chain may fix it. We
> have not had a chance to test this yet.
> 
> http://code.google.com/p/android/issues/detail?id=10807
> https://knowledge.geotrust.com/support/knowledge-base/index?page=content&id=AR1426&actp=search&viewlocale=en_US&searchid=1283360269668
> 
> Matt
> 
> ----- Original Message -----
> From: "James M. Cook" <jmcook1@mail.plymouth.edu>
> To: zimbra-hied-admins@sfu.ca
> Sent: Monday, November 22, 2010 1:48:33 PM
> Subject: Re: New Geotrust SSL Certificates - Broken on Android and ZD
> 
> We have the same problem w/ our new Thawte cert. On HTC phones you
> cannot
> accept the new cert for imaps connections. Active Sync will ask you
> about the
> cert and allow you to accept it. Thank you HTC for creating your own
> e-mail
> app!
> 
> ZD has been confirmed by Zimbra and they have opened a bug.
> http://bugzilla.zimbra.com/show_bug.cgi?id=53482
> 
> The root (no pun intended) of the problem for us is Thawte switching
> over to
> 2048 certs this past summer. This has created a new chain that Android
> and ZD
> don't have.
> 
> James
> 
> On Sunday, November 21, 2010 2:43:49 pm Matt Mencel wrote:
> > Just a warning for everyone if you're close to renewing your SSL
> > certs...
> >
> > http://www.zimbra.com/forums/administrators/44675-new-geotrust-ssl-certific
> > ates-android-users.html
> >
> > We just installed a new Geotrust 2048 bit cert on our Zimbra
> > servers.
> > Android (and ZD according to the thread) does not like the new style
> > certs.
> >
> > Matt

-- 
Doug Curtis
doug.curtis@oit.gatech.edu
Georgia Tech OIT/A&I
404.385.0390

References:
- Re: New Geotrust SSL Certificates - Broken on Android and ZD
  - From: Matt Mencel <MR-Mencel@wiu.edu>

Prev by Date: Re: New Geotrust SSL Certificates - Broken on Android and ZD
Next by Date: Re: Zimbra 6.0.9
Previous by thread: Re: New Geotrust SSL Certificates - Broken on Android and ZD
Next by thread: Re: Zimbra 6.0.9
Index(es):
- Date
- Thread