Re: Fetchmail certificate problem

[Camaleón <noelamac@gmail.com>]

On Fri, 28 Oct 2011 08:19:46 +0200, Johann Spies wrote:

> With the following fetchmail config:
> 
>  poll xxxx protocol imap:
>    no dns
>  #  port 993
>    user johann.spies@alterit.co.za js here password "xxxxxxx"
> #   ssl
> #   sslcertck                            # Check the certificates #  
> sslcertpath /etc/ssl/certs           # Path to the certificates
>    fetchall
>    mda "formail -s /usr/bin/procmail -f- -d js@localhost"
> 
> I get this error message:
> 
> fetchmail: Server certificate verification error: self signed
> certificate 

(...)

That's a normal warning.

> But I get my email.

Good.

> Changing it to uncomment
> 
> sslcertck and
> sslcertpath /etc/ssl/certs
> 
> I get this:
> 
> fetchmail: Server CommonName mismatch: localhost != alterit.co.za
> fetchmail: Server certificate verification error: self signed
> certificate fetchmail: This means that the root signing certificate
> (issued for
> /C=US/ST=Someprovince/L=Sometown/O=none/OU=none/CN=localhost/
emailAddress=webaster@localhost)
> is not in the trusted CA certificate locations, or that c_rehash needs
> to be run on the certificate directory. For details, please see the
> documentation of --sslcertpath and --sslcertfile in the manual page.

(...)

> In this case fetching the email fails.

That's bad ;-(

> The service provider sent me a certificiate which I did put in the path
> referred to in the configuration but it did not solve the problem.
> 
> How can I solve this problem?

Maybe is that you need to update CA certificate database? :-?

(read "man update-ca-certificates")

Greetings,

-- 
Camaleón