Certificate error

Since version 15.0 K9-mail systematically raises a certificate error on one of my professional email address, saying : the app detected a potential security threat and did not connect to [server name]. If you continue, attackers could steal information like your password or emails.

I have emailed the IT support from my institution with my server setting details, and they’re saying everything looks good on my side, and that they have recently switched the CA to HARICA (Hellenic Academic and Research Institutions CA).

Could it be the case that there is a problem between K9-mail and HARICA?

Welcome to the K-9 Mail Forum.

K-9 uses your device’s own trusted root store. If the CA is not a publicly trusted CA that is already know to your trusted root store, you would need to add that root CA to your device.

Thank you for your reply. How do I add the CA to my device?

It really depends. Did you test the CA certificate against your existing trust store yet? You should start there before you start importing root CAs.

The IT service from py institution sent me the .pem file. I installed it on my device and the issue seems to be resolved.

Glad to hear that manually installing the certificate worked for you. This is a helpful tip for others who might be using a less common Certificate Authority and encountering similar connection errors.

It’s always a headache when certificates act up after an update. Have you checked if the system clock on your device is exactly in sync? Sometimes even being off by a minute can cause these handshake errors. Another thing to try is removing the account and re-adding it, which usually forces K-9 to fetch the latest certificate details from the server. If it’s a self-signed cert, you might need to manually re-import it into the app’s trust store.