Our Zimbra installation uses self-signed certificates. They just came up for renewal and I renewed them last Saturday. Everyone using the web client or Zimbra Desktop was back in business almost immediately after authorizing an exception for the new certificate.

Two customers access their email via IMAP on the same model of Android smartphone. They both installed an OS upgrade (to v2.3.3) on their phones, coincidentally, also on Saturday. Prior to this they had been receiving, sending, and deleting email on their phones and everything had been syncing perfectly.

After the certificate renewal and OS upgrade, one of the customers continued to be able to access his email exactly as before. The other, whose account was configured on his phone in exactly the same way, could no longer even connect to the mail server. His phone reported "invalid certificate" errors.

I set him up with a brand new account, which he configured in exactly the same way again on his phone. With this account, he too could handle email in the usual way. But nothing we tried made it possible for him to use his original account on his phone.

If I can, I would like to avoid having to migrate him over to the new account because his mailbox is approaching 6 GB.

What could be the reason for this illogical behavior? Surely a certificate is either valid or invalid; it shouldn't be invalid just for one account and valid for everyone else.

Can anyone shed any light on this and offer a suggested way out of the impasse?

... Ed