fetchmail ssl error
mexas at bristol.ac.uk
Mon Jul 23 16:27:12 UTC 2012
I probably misunderstand how SSL certificates work.
$ cat .fetchmailrc
poll staff-imap-srv.bris.ac.uk protocol imap user "mexas" password "xxxxxxx" sslcertck sslcertfile /home/mexas/cert/uob-net-ca.crt fetchall
fetchmail: Server certificate verification error: self signed certificate in certificate chain
fetchmail: This means that the root signing certificate (issued for /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root) is not in the trusted CA certificate locations, or that c_rehash needs to be run on the certificate directory. For details, please see the documentation of --sslcertpath and --sslcertfile in the manual page.
98631:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:984:
fetchmail: staff-imap-srv.bris.ac.uk: upgrade to TLS failed.
fetchmail: Unknown login or authentication error on mexas at epo.bris.ac.uk
fetchmail: socket error while fetching from mexas at staff-imap-srv.bris.ac.uk
fetchmail: Query status=2 (SOCKET)
The /home/mexas/cert/uob-net-ca.crt file is supposed
to be the univerisity certificate:
$ openssl verify uob-net-ca.crt
uob-net-ca.crt: /O=University of Bristol/OU=IT Services (Networks)/emailAddress=service-desk at bristol.ac.uk/L=Bristol/ST=Avon/C=GB/CN=University of Bristol Net CA
error 18 at 0 depth lookup:self signed certificate
I read in the fetchmail manual
something about c_rehash script,
but I can only find one in
The fetchmail also mentions that:
Additionally, you might need to convert the
certificates to different formats (the PEM format is expected and usually is
available, DER is another one; you can convert between both using the
openssl(1) utility's x509 sub-mode).
So, I'm not sure if I need to convert my
certificate to PEM format or not?
Room 2.6, Queen's Building
Mech Eng Dept
University Walk, Bristol BS8 1TR, UK
Tel: +44 (0)117 331 5944
Fax: +44 (0)117 929 4423
More information about the freebsd-questions