fetchmail certificate verification messages

Giorgos Keramidas keramida at ceid.upatras.gr
Mon Jul 5 06:05:41 UTC 2010


On Sat, 3 Jul 2010 23:36:58 +0200 (CEST), Marco Beishuizen <mbeis at xs4all.nl> wrote:
> Hi,
>
> I'm seeing in my logfiles a lot of messages like these from fetchmail:
>
> Jul  3 22:02:54 yokozuna fetchmail[1437]: Server certificate
>   verification error: self signed certificate in certificate chain
> Jul  3 22:02:54 yokozuna fetchmail[1437]: This means that the root
>   signing certificate (issued for /C=SE/O=AddTrust AB/OU=AddTrust External
>   TTP Network/CN=AddTrust External CA Root) is not in the trusted CA
>   certificate locations, or that c_rehash needs to be run on the
>   certificate directory. For details, please see the documentation of
>   sslcertpath and sslcertfile in the manual page.
>
> Does anyone know what these messages mean and if they are harmless or
> not?

This means that the certificate of CN="AddTrust External CA Root" is
signed by itself.  It's a common thing when the administrator of the
respective SSL-enabled host has not bought a certificate from one of the
global CA authorities, but has signed the certificate with itself to
avoid the costs & process associated with maintaining a "normal"
certificate.

If you know that the respective domain is indeed set up this way, the
warning is harmless.



More information about the freebsd-questions mailing list