FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Gentoo > Gentoo User

 
 
LinkBack Thread Tools
 
Old 10-02-2010, 10:31 AM
 
Default fetchmail + certs = problems

Hi,

fetchmail's log told me, that there is something wrong with the setup
of the certificats.

In the log there is the following section
fetchmail: Server certificate:
fetchmail: Issuer Organization: Thawte Consulting cc
fetchmail: Issuer CommonName: Thawte Premium Server CA
fetchmail: Subject CommonName: pop.gmx.net
fetchmail: pop.gmx.net key fingerprint: A6:57:BC:4A:97:ADB:99:00:E9:3A:B8:81:557:B6
fetchmail: Server certificate verification error: unable to get local issuer certificate
fetchmail: This means that the root signing certificate (issued for /C=DE/ST=Bayern/L=Munich/O=GMX GmbH/CN=pop.gmx.net) is not in the trusted CA certificate locations, or that c_rehash needs to be run on the certificate directory. For details, please see the documentation of --sslcertpath and --sslcertfile in the manual page.
fetchmail: Server certificate:
fetchmail: Issuer Organization: Thawte Consulting cc
fetchmail: Issuer CommonName: Thawte Premium Server CA
fetchmail: Subject CommonName: pop.gmx.net
fetchmail: Server certificate verification error: certificate not trusted
fetchmail: Server certificate:
fetchmail: Issuer Organization: Thawte Consulting cc
fetchmail: Issuer CommonName: Thawte Premium Server CA
fetchmail: Subject CommonName: pop.gmx.net
fetchmail: Server certificate verification error: unable to verify the first certificate
fetchmail: Warning: the connection is insecure, continuing anyways. (Better use --sslcertck!)


In beforehand I did the following:

From the output of this command
#> openssl s_client -connect pop.gmx.net:995 -showcerts

I copied the section

-----BEGIN CERTIFICATE-----
MIIDUzCCArygAwIBAgIQDNZUbIDJ5EM+DVSd5AzXOjANBgkqhk iG9w0BAQUFADCB
zjELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZT ESMBAGA1UEBxMJ
Q2FwZSBUb3duMR0wGwYDVQQKExRUaGF3dGUgQ29uc3VsdGluZy BjYzEoMCYGA1UE
CxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEhMB 8GA1UEAxMYVGhh
d3RlIFByZW1pdW0gU2VydmVyIENBMSgwJgYJKoZIhvcNAQkBFh lwcmVtaXVtLXNl
cnZlckB0aGF3dGUuY29tMB4XDTEwMDQyMjAwMDAwMFoXDTEzMD UwOTIzNTk1OVow
WDELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJheWVybjEPMA0GA1 UEBxQGTXVuaWNo
MREwDwYDVQQKFAhHTVggR21iSDEUMBIGA1UEAxQLcG9wLmdteC 5uZXQwgZ8wDQYJ
KoZIhvcNAQEBBQADgY0AMIGJAoGBAMu3VYZP3YqpNweeIp+zIY tAlYL9Nya5hq6j
k+ShUtukV1746nqJto70+4oNhCYJ33mMw+vS5fODjuggG+Z1xc L5YU8mUyG2E7fH
YkfNtHHMhRntN15ml7Kv3c52kmOI09r2psnlNPkkNx5shneON8 jZfXYlqQq5Vq1l
Hz+jEjFrAgMBAAGjgaYwgaMwDAYDVR0TAQH/BAIwADBABgNVHR8EOTA3MDWgM6Ax
hi9odHRwOi8vY3JsLnRoYXd0ZS5jb20vVGhhd3RlU2VydmVyUH JlbWl1bUNBLmNy
bDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwMgYIKw YBBQUHAQEEJjAk
MCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC50aGF3dGUuY29tMA 0GCSqGSIb3DQEB
BQUAA4GBAF/BVQRh2QOAtH8491d2XIKqdRZNY4OUMh6qccb0xLGNTDx3E4iwo YHc
yi2axElQG+7VAEIbDftzfhVUttsPwLI0BM2Nvz6KkwnlrJmt9H uZOjyv9M6szCxX
jHqVXkTDtrvRzT3hHTLD63l4PAqAUDpR4Th4N23IyxpgVqmYZw oJ
-----END CERTIFICATE-----

into a file "pop.gmx.net.pem" and copied ths file into
/etc/fetchmail/certs

Than I downloaded the whole package of root certificates from here
https://www.verisign.com/support/thawte-roots.zip
unpacked it and copied each *.pem file into /etc/fetchmail/certs also.
I renamend the files to not to contain blanks with detox.


Then I run as root the command
$> c_rehash /etc/fetchmail/certs

I checked /etc/fetchmail/certs and found all files being symlinked to
something which looks like hash keys (?).

c_hash does not submit any error message.

After this I added below the poll section of my accounts
$HOME/.fetchmailrc the following line:

sslcertpath /etc/fetchmail/certs

Nonetheless fetchmail complains about local certifcates.

What do I have to do to fix this ?

Best regards and thank you for any help in advance!
mcc
 

Thread Tools




All times are GMT. The time now is 12:14 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org