Update:HE.net support tells me they’ve fixed the SSL certificate issue described below. I haven’t tested it, since I have something that works and don’t want to risk breaking it again.
You’d think that an Internet service provider would be able to deal with common issues like getting an email connection on an Android phone. This turned out to be beyond the ability of HE.net’s support staff, though.
This morning I tried to set up email on my new Moto phone with Android 4.4.4, using the standard email application. After entering the POP3 server information I got this error message:
"Can't safely connect to server. (java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.)"
I wrote to HE.net support describing the problem and got a response suggesting that I use Port 110 and set security to “none.” In other words, I should send my password in cleartext. I declined to do this, asking, “Are you saying I can’t use Android with secure email?”
Several hours later I got a reply from a different person saying, “That is correct. Our servers do not support SSL or encryption for email. (So it’s not specific to Android.)” That is completely false. I use SSL on several other devices from which I check mail on HE.net.
This was followed by a message from a third person saying, “Actually, minor correction: This should now be working for POP/IMAP if you retest. SSL is not supported for SMTP, however.” I’m already aware that there’s no authentication on SMTP; HE relies on an authenticated POP or IMAP request having been made from the same IP address in the past few minutes as confirmation that you’re the same user. That wasn’t what I had asked about.
By that point I’d downloaded K-9 Mail, which allowed me to accept the certificate even if it wasn’t properly certified down to a root authority. Having something that worked, I decided against experimenting with whatever might have been fixed, especially since I wasn’t told why I should expect any difference.
To sum up: HE.net doesn’t use properly validated SSL certificates, and they advised me to use an insecure connection, incorrectly told me that they don’t support secure email connections, and then told me it was a “minor correction” that it does. I wrote a flaming response, then deleted it without sending it.
HE.net used to be reasonably reliable. I’m starting to think I should look for a new ISP. I’m wondering why my other devices haven’t noticed a problem with the certificate, and I’m afraid they will at some point in the future.