IPhone IMAP and expired SSL

I’ve been having an issue with configuring a clients Iphone to access their email server through a vpn or local connection.  It is an interesting configuration as it includes a second firewall at the site, since the email system is outsourced yet kept secure through a secondary transparent vpn.

The Iphone used to work fine, then one day it stoppped.  Of course there is no way to ask the outsourcing company (10,000 employees+) so it’s a matter of trial and error.  These days so many things are masked by the programs and OS that digging into the issue was the hardest part.  I was able to connect Local and VPN connected PC’s and Mac’s to the mail system.  Along the way there would be a certificate error but it seemed to recover and move on.  I could telnet to 143 from them and receive a response back.  Hmm..

After trying to create an email profile on the Iphone a dozen different ways I decided to step back and try the telnet test from the Iphone as well.  Using iSSH (app) I tried to telnet to 143 and voila, same problem no connection.  I was able to telnet to a different imap server.  Now faced with this I considered what I had seen earlier, an expired certificate error.  (Now don’t ask me why a fortune 100 corporation can’t update their SSL cert but thats an entirely different question!)

Through further investigation, I settled on the fact the Iphone, SSL Cert and the remote F5 Big-IP Load balancing/aggregator/firewall were not talking to each other, apparently after a recent update to the F5 device (there was a ddos attack going around).

How did I fix it..  Lets just call it tom foolery!  The remote would allow through an SSL connection but not a 143 connection that didn’t like it’s cert.  So I created the mail account on the Iphone, saved it even though it said it wouldn’t communicate.  After saving went back in, enabled SSL on the account, went out and started mail.  It warned of an invalid cert… I ignored it and the mail started coming in.

Just a normal day in the office!