How to update davmail gateway configuration with new ssl certificate

Davmail calculates the SHA-1 hash of the SSL certificate of any Exchange server that it connects to and stores it in its davmail.properties configuration file.

When the Exchange server's SSL certificate changes, you have to update the stored hash in the davmail.properties file, or else any client trying to connect to it will fail with the following exception:

Connect exception: javax.net.ssl.SSLHandshakeException java.security.cert.CertificateException: User rejected certificate

To resolve this, you have to calculate the SHA-1 hash of the new certificate.

There are several ways to do this. The first is to use the gnutls utility:

sudo apt install -y gnutls-bin && gnutls-cli -p 443 mail.server.url | grep SHA

You should then grab the SHA-1 fingerprint value from the output. It goes into the file after a small tweak, which is explained in the last step below.

The second way is to use a browser such as Chrome: visit the URL, click the secure icon next to it, then click the certificate (whether valid or invalid) and copy the SHA-1 Fingerprint value.

The last step is to do the following (VERY IMPORTANT):

  1. Convert all characters to capital letters
  2. Put a colon preceded by a backslash (\:) between each pair of characters
  3. Remove the leading zero from any pair that starts with one (0B becomes B, 02 becomes 2)

For example:

5e12f249a94e49273de0d3104c83420b023c226C

will be converted to

5E\:12\:F2\:49\:A9\:4E\:49\:27\:3D\:E0\:D3\:10\:4C\:83\:42\:B\:2\:3C\:22\:6C

Now finally copy that string and paste it inside your davmail.properties file in davmail.server.certificate.hash, i.e.:

davmail.server.certificate.hash=5E\:12\:F2\:49\:A9\:4E\:49\:27\:3D\:E0\:D3\:10\:4C\:83\:42\:B\:2\:3C\:22\:6C
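
The three conversion steps above as a small POSIX shell function, added here as an example and not part of the original post. The function name `davmail_hash` and its `strip`/`keep` modes are assumptions of this example; `keep` leaves leading zeros in place, which a reader comment on this page reports is what davmail 5.2.0 and later need.

```shell
#!/bin/sh
# Added example: davmail_hash and its strip/keep modes are hypothetical names.
# Usage: davmail_hash FINGERPRINT [strip|keep]
# FINGERPRINT may be bare hex, colon-separated, or an openssl
# "SHA1 Fingerprint=AA:BB:..." line.
# The ( ) body runs in a subshell: variables stay local, exit leaves only it.
davmail_hash() (
    mode="${2:-strip}"
    case "$mode" in
        strip|keep) ;;
        *) echo "davmail_hash: mode must be strip or keep" >&2; exit 1 ;;
    esac
    sep='\:'                      # literal backslash + colon between pairs
    fp="${1##*=}"                 # drop an optional "...Fingerprint=" prefix
    # Remove separators and convert all characters to capital letters.
    fp="$(printf '%s' "$fp" | tr -d ': \n' | tr 'a-f' 'A-F')"
    # A SHA-1 digest is 20 bytes, i.e. exactly 40 hex digits. Reject the rest
    # so a SHA-256 fingerprint or a truncated paste never reaches the config.
    case "$fp" in
        ''|*[!0-9A-F]*) echo "davmail_hash: not a hex fingerprint" >&2; exit 1 ;;
    esac
    if [ "${#fp}" -ne 40 ]; then
        echo "davmail_hash: expected 40 hex digits, got ${#fp}" >&2
        exit 1
    fi
    out=""
    while [ -n "$fp" ]; do
        rest="${fp#??}"           # everything after the first two digits
        pair="${fp%"$rest"}"      # the first two digits
        fp="$rest"
        # strip mode: 0B -> B, 02 -> 2; E0 and 10 are left unchanged.
        if [ "$mode" = strip ]; then pair="${pair#0}"; fi
        out="${out:+$out$sep}$pair"
    done
    printf '%s\n' "$out"
)

# Sample input: the fingerprint from the example above.
printf 'davmail.server.certificate.hash=%s\n' \
    "$(davmail_hash 5e12f249a94e49273de0d3104c83420b023c226C)"
```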

Restart the davmail service, and you’re done!

Enjoy!

Sources:

  1. https://sourceforge.net/p/davmail/mailman/message/34218836/
  2. https://sourceforge.net/p/davmail/mailman/message/34109741/

 

About SoCRaT

Cybersecurity Master's Student, Systems Engineer, OSS & Linux Geek

2 Responses to How to update davmail gateway configuration with new ssl certificate

  1. Roman says:

    First get the raw certificate:

    echo Q |openssl s_client -connect mail.example.com:443

    Copy the lines from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE----- to a file, say cert.pem, and generate the SHA1 fingerprint using:

    openssl x509 -in cert.pem -sha1 -noout -fingerprint


  2. Brian McKee says:

    As of davmail version 5.2.0, trimming zeros is not necessary (and doesn’t seem to work).
