Post about HARICA root certificate on Android.

content/posts/2024/summarize-subgroups-with-percentages-in-r/index.md

@@ -0,0 +1,14 @@
+---
+title: "Summarize Subgroups With Percentages in R"
+description: I need to remember how to summarize subgroups of a dataset with percentages in R!
+date: 2024-11-04T16:30:07+0100
+draft: true
+# ShowLastmod: true
+toc: false
+scrolltotop: true
+images: []
+tags:
+  - R
+  - Tidyverse
+---
+

content/posts/2026/old-android-new-tricks/index.md

@@ -0,0 +1,93 @@
+---
+title: "Teaching an old Android new tricks"
+description: >
+    An oldish Android phone suddenly refused to connect to an IMAP server.
+    The error message was not helpful at all. The solution was that the IMAP
+    server's SSL certificate had been issued by a different Certificate
+    Authority than before, and this CA's root certificate was not known to
+    the phone.
+date: 2026-01-01T18:00:00+0200
+draft: false
+# ShowLastmod: true
+toc: false
+scrolltotop: true
+images: []
+tags:
+  - academia
+  - network
+  - phone
+---
+
+A few days ago, my smartphone suddenly stopped synchronizing my university emails.
+I use [Aqua Mail][] to work with my emails on a Samsung Galaxy S20 FE. This phone
+was purchased in 2021.
+
+Aqua Mail worked perfectly well with both my personal as well as my university
+email accounts. But now it refused to connect to the university's IMAP server:
+
+{{< figure src="aqua-mail-no-peer-certificate.png"
+    caption="Aqua Mail complaining about the absence of a peer certificate." >}}
+
+The German error message says (somewhat clumsily): **"Error Messages being
+synchronized: Invalid security certificate (SSL): No peer certificates."**
+
+I suspected the mail server to be at fault. After all, my setup used to work.
+However, my laptop mail client was able to connect to the IMAP server without
+any problem.
+
+Web search with "Aqua Mail no peer certificates" wasn't helpful at all, either.
+
+So I manually initiated an IMAP session with the server from the command line:
+
+```fish
+openssl s_client -connect $REDACTED:993 -crlf
+```
+
+This went well -- I simply terminated the session by issuing
+
+```plain
+a logout
+```
+
+(If you, like me, are not fluent in IMAP -- the `a` in front of the logout
+command is an arbitrary, but required identifying prefix.)
+
+The output started with these lines:
+
+```plain
+Connecting to [REDACTED]
+CONNECTED(00000003)
+depth=2 C=GR, O=Hellenic Academic and Research Institutions CA, CN=HARICA TLS RSA Root CA 2021
+verify return:1
+depth=1 C=GR, O=Hellenic Academic and Research Institutions CA, CN=GEANT TLS RSA 1
+verify return:1
+depth=0 C=DE, ST=[REDACTED], O=[REDACTED], CN=[REDACTED]
+verify return:1
+---
+Certificate chain
+# ...
+```
+
+This caught my eye. I remembered an announcement that the university
+was going to obtain their certificates from [HARICA][] in the future,
+and evidently, the future is now.
+
+Sure enough, I did _not_ find the root certificate "HARICA TLS RSA Root CA 2021"
+in the root certificate store of my phone. There were 3 HARICA certificates, but
+not the required one "HARICA TLS RSA Root CA 2021".
+
+{{< figure src="android-root-certificates.png"
+    caption="The root certificates of this 2021 Android phone do not include HARICA TLS RSA Root CA 2021." >}}
+
+From there, the solution was simple. I downloaded the missing root certificate from
+[HARICA's repository][] to my phone and installed it from there.
+
+Now Aqua Mail happily syncs my uni mail account again.
+
+Sometimes it pays off to try and teach an old dog new tricks!
+
+Happy New Year.
+
+[Aqua Mail]: https://aqua-mail.com/android
+[HARICA]: https://www.harica.eu
+[HARICA's repository]: https://repo.harica.gr/rep_dyn.php