Problem with Android ActiveSync (Exchange)

Hi everybody,

I’m hosting Zarafa on my home server, which supports ActiveSync (Z-Push). For my domain I created valid Let’s Encrypt certificates and use them in my Apache config for the corresponding vHost.
Every browser on desktops and on my Android device accepts the certificate without any problems/warnings.

On my Android I now create a new Exchange (ActiveSync) account with SSL enabled. When testing the configuration, Android says that there is a problem with the certificate. When viewing it I can’t see anything wrong… the hostname is the same as I entered and the certificate is the correct and valid one…

This is the Apache config for the vHost’s SSL part:

    # SSL
    SSLEngine on
    SSLCertificateKeyFile /etc/letsencrypt/live/<domain>/privkey.pem
    SSLCertificateFile /etc/letsencrypt/live/<domain>/cert.pem
    SSLCertificateChainFile /etc/letsencrypt/live/<domain>/fullchain.pem

What am I missing? Any hints?

Thx in advance
Snoopy

SSLCertificateChainFile should refer to chain.pem. fullchain.pem also includes cert.pem and that one is already specified by SSLCertificateFile. If your Apache is recent (>= 2.4.8), you can also let SSLCertificateFile refer to fullchain.pem and delete SSLCertificateChainFile entirely.

But I don’t know if that’s gonna fix your Android Exchange problem.
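
The file layout described in the reply above can be checked mechanically. The following is an added example, not part of the original thread: it compares the PEM contents behind SSLCertificateFile and SSLCertificateChainFile and reports when the chain file repeats the leaf. The function names and the placeholder "certificates" (constructed byte strings, not real X.509 data) are assumptions made for the illustration.

```python
import base64
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def pem_certs(text):
    """Return the decoded body of every CERTIFICATE block in a PEM string."""
    return [base64.b64decode("".join(body.split()))
            for body in PEM_RE.findall(text)]

def audit(cert_file_pem, chain_file_pem=None):
    """Audit the contents of SSLCertificateFile and (optionally)
    SSLCertificateChainFile. Returns a list of findings; empty means consistent."""
    certs = pem_certs(cert_file_pem)
    if not certs:
        return ["SSLCertificateFile contains no certificate"]
    leaf, findings = certs[0], []
    if chain_file_pem is None:
        # Single-file layout (Apache >= 2.4.8): intermediates must follow the leaf.
        if len(certs) == 1:
            findings.append("no intermediates: leaf-only file and no chain file")
        return findings
    chain = pem_certs(chain_file_pem)
    if not chain:
        findings.append("SSLCertificateChainFile contains no certificate")
    if leaf in chain:
        findings.append("chain file repeats the leaf (fullchain.pem where chain.pem belongs)")
    if len(certs) > 1:
        findings.append("intermediates present in both files")
    return findings

def fake_pem(*payloads):
    """Build PEM text from constructed placeholder payloads (not real certs)."""
    return "".join(
        "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n"
        % base64.b64encode(p).decode() for p in payloads)

# Constructed stand-ins for the three Let's Encrypt files named in the thread.
LEAF, INTERMEDIATE = b"constructed-leaf", b"constructed-intermediate"
CERT_PEM = fake_pem(LEAF)
CHAIN_PEM = fake_pem(INTERMEDIATE)
FULLCHAIN_PEM = fake_pem(LEAF, INTERMEDIATE)

if __name__ == "__main__":
    print("cert.pem + fullchain.pem:", audit(CERT_PEM, FULLCHAIN_PEM))
    print("cert.pem + chain.pem:    ", audit(CERT_PEM, CHAIN_PEM))
    print("fullchain.pem only:      ", audit(FULLCHAIN_PEM))
```

To run it against real files, pass the text of cert.pem, chain.pem and fullchain.pem in place of the constructed strings.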

Your hint was my first configuration: SSLCertificateChainFile first pointed to chain.pem.
While searching for hints regarding my problem (which was identical with this config) I came across this:

Here the SSLCertificateChainFile points to fullchain.pem. So I changed that in my config but the problem remains the same...

If you'd read that whole thread, you'd see the same correction :wink:

But I don't know why your Android doesn't work.. You say it says "there is a problem with the certificate".. Doesn't it give you more information? What's wrong with the certificate? Something about not trusted?

Yeah... I scrolled down a bit actually and saw it myself :confounded:

Correct... It just says "There is a problem with the certificate of this site" nothing more... I can view the certificate which is the correct one.. As I could continue after that message and the account works normally I assume this is just a warning (like the certificate were a self-signed one which I had before Let's Encrypt went live)... but I assumed that this message disappears now the certificate is a completely valid one...

And the version of the Android in question is…?

The device is a Samsung Galaxy S5 with the Stock Android 5.0…