Hi there
Is there any way to show the TLS cert used by the connecting email Server?
How does K9 handle certificates that seem invalid, e.g. out of date?
Thanks
If a presented cert is invalid (out of date, doesn’t match any of your root CAs, etc.), you’ll get a notification. Opening the notification will show details of the cert, and will have an option to accept that particular cert permanently.
I use self-signed certs on my IMAP server, so I see this on my devices wherever I do a cert rotation.
Is there also a way to show a normal cert that is not invalid and doesnt trigger a message…?
No. That’s not supported right now.
Since the (incoming and outgoing) hosts are statically defined in K-9, looking at the certificates in real-time isn’t generally necessary. So, you should be able to use some other tool to check things out. If you have a *nix machine, I would use the “openssl s_client” command. In android apps, there’s “Ceromon SSL/TLS”:
https://play.google.com/store/apps/details?id=com.evbadroid.ceromon&hl=en_US&gl=US
that appears to show the same things as the s_client -showcerts command, save the cert proper.