Thanks, Ryan. That's really helpful.
One more clarification: is the forceTrust flag meant to be used with the ssl flag, or instead of it?
I can connect when I specify just forceTrust=1 but not with both forceTrust=1 and ssl=1. But if I specify just forceTrust=1, am I still establishing an SSL connection?
To put it another way, does forceTrust=1 mean "connect with SSL, and tell Java to trust the cert", or does it mean "tell Java to trust the cert and connect with SSL only if I also set ssl=1"?
Background: The reason I ask is that they did get a signed certificate yesterday, but I still can't connect when I set ssl=1.
(I can connect with just forceTrust=1, but not with just ssl=1, and not with both forceTrust=1 and ssl=1.)
I'm not sure if the problem is that they haven't configured the certificate correctly (we've already had some issues with this), or if it's because the cert was issued by GoDaddy. (I found a whole bunch of articles from 2014 stating that newer GoDaddy certs are not in the java cert store, but it looks like that may have been fixed, so I don't know if that's actually relevant.)
The client needs to start using the email functionality very soon, so if just forceTrust=1 is a secure connection, I'd like to enable that while we troubleshoot the rest.