[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Fetchmail certificate problem

With the following fetchmail config:

 poll xxxx protocol imap:
   no dns
 #  port 993
   user johann.spies@alterit.co.za js here
   password "xxxxxxx"
#   ssl 
#   sslcertck                            # Check the certificates
#   sslcertpath /etc/ssl/certs           # Path to the certificates
   fetchall
   mda "formail -s /usr/bin/procmail -f- -d js@localhost"

I get this error message:

fetchmail: Server certificate verification error: self signed certificate
fetchmail: This means that the root signing certificate (issued for /C=US/ST=Someprovince/L=Sometown/O=none/OU=none/CN=localhost/emailAddress=webaster@localhost) is not in the trusted CA certificate locations, or that c_rehash needs to be run on the certificate directory. For details, please see the documentation of --sslcertpath and --sslcertfile in the manual page.
fetchmail: Warning: the connection is insecure, continuing
anyways. (Better use --sslcertck!)

But I get my email.

Changing it to uncomment

sslcertck and 
sslcertpath /etc/ssl/certs

I get this:

fetchmail: Server CommonName mismatch: localhost != alterit.co.za
fetchmail: Server certificate verification error: self signed certificate
fetchmail: This means that the root signing certificate (issued for /C=US/ST=Someprovince/L=Sometown/O=none/OU=none/CN=localhost/emailAddress=webaster@localhost) is not in the trusted CA certificate locations, or that c_rehash needs to be run on the certificate directory. For details, please see the documentation of --sslcertpath and --sslcertfile in the manual page.
140204723410600:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:s3_clnt.c:1059:
fetchmail: alterit.co.za: upgrade to TLS failed.
fetchmail: Unknown login or authentication error on johann.spies@alterit.co.za
fetchmail: socket error while fetching from johann.spies@alterit.co.za
fetchmail: Query status=2 (SOCKET)

In this case fetching the email fails.

The service provider sent me a certificiate which I did put in the path
referred to in the configuration but it did not solve the problem.

How can I solve this problem?

Regards
Johann
-- 
Johann Spies                            Telefoon: 021-808 4699
Databestuurder /  Data manager

Sentrum vir Navorsing oor Evaluasie, Wetenskap en Tegnologie
Centre for Research on Evaluation, Science and Technology 
Universiteit Stellenbosch.

     "If a man abide not in me, he is cast forth as a  
      branch, and is withered; and men gather them, and cast
      them into the fire, and they are burned."             
                                             John 15:6
Reply to: