There is a bad interaction between the Comodo intermediate CA certificates that are distributed in the Windows Trusted Root CA list and X.509 certificates issued by Comodo. The fix below has to be reapplied whenever Windows auto-updates its Trusted Root CA list.
See "CertPathValidatorException with Windows server and Android client" for the symptoms and causes.
- start > run > mmc
- file > add/remove snap in
- certificates
- computer account
- local computer
- trusted root certification authorities > certificates
- cut "COMODO RSA Certification Authority" (but leave "COMODO Certification Authority" and "COMODO ECC Certification Authority" alone)
- paste into personal > certificates, which effectively disables it
If you don't want to keep a backup copy in Personal Certificates, you can instead just delete the COMODO RSA Certification Authority.
You can add a Scheduled Task that runs certmgr.exe:
certmgr.exe -del -v -c -sha1 afe5d244a8d1194230ff479fe2f897bbcd7a8cb4 -s -r localMachine Root
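As an alternative to the certmgr.exe delete, the following added example (not part of the original page) repeats the manual cut-and-paste from a script: it moves the root into the Personal store as a backup instead of deleting it, and checks the subject before touching anything. The thumbprint is the one from the certmgr.exe command above; the variable names are this example's own.

```powershell
# Added example, not from the original page. Run elevated (e.g. from a Scheduled Task).
# Thumbprint is the value passed to "certmgr.exe -sha1" on this page.
$Thumbprint   = 'AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4'
$ExpectedName = 'COMODO RSA Certification Authority'

$root = New-Object System.Security.Cryptography.X509Certificates.X509Store('Root', 'LocalMachine')
$my   = New-Object System.Security.Cryptography.X509Certificates.X509Store('My', 'LocalMachine')

try {
    $root.Open('ReadWrite')
    $my.Open('ReadWrite')

    # validOnly = $false: match on thumbprint regardless of chain validity.
    $found = $root.Certificates.Find('FindByThumbprint', $Thumbprint, $false)
    if ($found.Count -eq 0) {
        Write-Output 'Not present in LocalMachine\Root; nothing to do.'
        return
    }

    foreach ($cert in $found) {
        # Refuse to remove anything whose subject is not the root we mean to disable.
        # This also leaves "COMODO Certification Authority" and the ECC root alone.
        if ($cert.Subject -notlike "*CN=$ExpectedName*") {
            throw "Thumbprint matched unexpected subject: $($cert.Subject)"
        }

        # Keep a backup copy in Personal, as the manual cut/paste does.
        if ($my.Certificates.Find('FindByThumbprint', $Thumbprint, $false).Count -eq 0) {
            $my.Add($cert)
        }

        $root.Remove($cert)
        Write-Output "Moved '$($cert.Subject)' from Root to Personal."
    }
}
finally {
    $root.Close()
    $my.Close()
}
```

The script is idempotent, so it can run on a schedule and only acts when the root list update has put the certificate back.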
- open MDaemon
- security > security settings
- SSL & TLS > MDaemon
- choose the wrong cert, hit apply
- choose the right cert, hit apply
If you don't have any other certs, try clicking Restart Servers.
K-9 Mail should not throw any more certificate errors.