fetchmail certificate verification messages

Dan Nelson dnelson at allantgroup.com
Sun Jul 4 05:33:24 UTC 2010

In the last episode (Jul 03), Marco Beishuizen said:
> I'm seeing in my logfiles a lot of messages like these from fetchmail:
> Jul  3 22:02:54 yokozuna fetchmail[1437]: Server certificate verification 
> error: self signed certificate in certificate chain
> Jul  3 22:02:54 yokozuna fetchmail[1437]: This means that the root signing 
> certificate (issued for /C=SE/O=AddTrust AB/OU=AddTrust External TTP 
> Network/CN=AddTrust External CA Root) is not in the trusted CA certificate 
> locations, or that c_rehash needs to be run on the certificate directory. 
> For details, please see the documentation of sslcertpath and 
> sslcertfile in the manual page.
> Does anyone know what these messages mean and if they are harmless or not?

Probably harmless, unless someone has forged a certificate chain using a
fake "AddTrust External CA Root" cert at the top.  Installing the
security/ca_root_nss port (make sure you enable the ETCSYMLINK option) will
probably silence it.

	Dan Nelson
	dnelson at allantgroup.com

More information about the freebsd-questions mailing list