Enforce fingerprint or CA for IMAPS SSL certificate


I really love K9 Mail! Thanks for this great app!

Can I make K9 Mail only accept a certain certificate (identified by its fingerprint) for IMAPS instead of having it accept a certificate from any dubious country CA?

I considered using a self-signed certificate for my IMAPS server. Then K9 Mail would save the fingerprint of the self-signed certificate to trust it.
But I suspect that if some day my server showed up with a certificate signed by an “official” CA from anywhere in the world, K9 Mail would accept that as well, although I wanted to use only my self-signed certificate. Is that right?

Are you aware of ways to limit “trust” of K9 Mail to a certain CA or a certain certificate fingerprint?

Thanks a lot and keep up the good work!

That is correct, except that K-9 Mail doesn’t accept a certificate signed by just any CA, only the ones stored in your device’s ‘trusted credentials’ store. With modern Android versions you should be able to disable the ones you don’t trust.

K-9 Mail does not support certificate/CA pinning.
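For comparison, this is what fingerprint pinning for IMAPS looks like in a client that does implement it. It is an added example using Python's standard library, not code from this thread or from K-9 Mail; `open_pinned_imaps` and the other helper names are hypothetical, and the sample bytes are constructed stand-ins rather than a real certificate.

```python
import hashlib
import hmac
import imaplib
import ssl


def normalize_fingerprint(text):
    """Accept 'AA:BB:...' or 'aabb...' and return 64 lowercase hex digits."""
    fp = text.replace(":", "").replace(" ", "").lower()
    if len(fp) != 64 or any(c not in "0123456789abcdef" for c in fp):
        raise ValueError("expected a SHA-256 fingerprint (64 hex digits)")
    return fp


def matches_pin(der_cert, pinned_fingerprint):
    """True only if SHA-256 of the DER-encoded leaf certificate equals the pin."""
    actual = hashlib.sha256(der_cert).hexdigest()
    return hmac.compare_digest(actual, normalize_fingerprint(pinned_fingerprint))


def open_pinned_imaps(host, pinned_fingerprint, port=993):
    """Open IMAPS and trust only the pinned certificate (hypothetical helper).

    CA validation is disabled on purpose: the pin is the only trust anchor, so
    a certificate issued by any CA in the system store is rejected as well.
    The check runs before login, so no credentials reach an unpinned server.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    conn = imaplib.IMAP4_SSL(host, port, ssl_context=ctx)
    der = conn.socket().getpeercert(binary_form=True)
    if der is None or not matches_pin(der, pinned_fingerprint):
        conn.shutdown()
        raise ssl.SSLError("server certificate does not match the pinned fingerprint")
    return conn  # the caller may now call conn.login(...)


if __name__ == "__main__":
    # Constructed stand-in bytes, not real certificates: shows the pin logic offline.
    pinned_cert = b"constructed DER bytes of the self-signed certificate"
    other_cert = b"constructed DER bytes of a CA-issued certificate"
    pin = hashlib.sha256(pinned_cert).hexdigest()
    print(matches_pin(pinned_cert, pin))
    print(matches_pin(other_cert, pin))
```

Because the pin covers the whole leaf certificate, it has to be updated whenever the server's certificate is renewed or replaced.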