Since GeoTrust / Thawte decided to have some fun this year and replace their Root CA, handling SSL certificate upgrades/renewals/requests for Tomcat/Apache/Jetty/Zimbra users have become somewhat more painful.
Apart from being filled with (sometimes) confusing hints on how to solve this, merging a root CA with an intermediate CA, there is very little talk both here and in other places about how to solve the rather burning issue of Android phones not being able to connect to a Zimbra server secured with a new GeoTrust / Thawte certificate.
The problem is with getting Android to "believe" in the CA presented in these new certificates. There are threads everywhere to the effect of "Simply combine the proper root CA from GeoTrust / Thawte and then add your intermediate CA and then deploy your new certificate" (and Bob's your uncle).
The only problem is that this doesn't work for Android users.
IMAP over SSL is not working (certificate error)
Exchange ActiveSync over SSL is not working (certificate error)
Are we the only ones that have run into this problem and not having been able to solve it?