TB says unknown, and I know why. I have set the class 1 and class 2 certificate chain keys to the same, when these should be different. Damn, StartCom's certs are difficult to set up.
read this: http://binblog.info/2010/02/02/lengthy-chains/
basically, you start with YOUR cert and work you way up to the root CA with
openssl x509 -in your_servers.{crt|pem} -subject -issuer > server- allinone.crt
openssl x509 -in intermediate_authority.{crt|pem} -subject -issuer >> server-allinone.crt
openssl x509 -in root_ca.{crt|pem} -subject -issuer >> server-allinone.crt
then, in dovecot.conf ---8<--- ssl_cert_file = /path/to/server-allinone.crt ssl_key_file = /path/to/private.key ---8<---
It works for me but YMMV of course. Androids before 2.2 do not have startcom as a trusted CA and will complain anyhow.
Best Regards, Thanos Chatziathanassiou
Workaround for K9 (latest version) is to go to the Account Settings -> Fetching -> Incoming Server, and click Next. It will attempt to authenicate and then complain about the certificate. One can ignore the warning and accept the certificate.
Cheers all.
Simon