How to show TLS cert?

Hi there
Is there any way to show the TLS cert used by the connecting email Server?
How does K9 handle certificates that seem invalid, e.g. out of date?


If a presented cert is invalid (out of date, doesn’t match any of your root CAs, etc.), you’ll get a notification. Opening the notification will show details of the cert, and will have an option to accept that particular cert permanently.

I use self-signed certs on my IMAP server, so I see this on my devices wherever I do a cert rotation.

Is there also a way to show a normal cert that is not invalid and doesnt trigger a message…?

No. That’s not supported right now.

Since the (incoming and outgoing) hosts are statically defined in K-9, looking at the certificates in real-time isn’t generally necessary. So, you should be able to use some other tool to check things out. If you have a *nix machine, I would use the “openssl s_client” command. In android apps, there’s “Ceromon SSL/TLS”:

that appears to show the same things as the s_client -showcerts command, save the cert proper.