Certificate error

Jon Radel jon at radel.com
Mon May 11 03:10:22 UTC 2015

On 5/10/15 5:07 PM, Ernie Luzar wrote:
> Hello list;
> Been trying to setup qpopper to use TLS.
> I am stuck at getting a self signed certificate to work.
> Running fetchmail on the host to get a good log of what is really 
> happening
> as shown below. After that list is the script I use to build the 
> certificates.
> Maybe some one can seen what I am doing wrong in the build cert script
> based on the errors shown in the fetchmail list..
> Thanks
A self-signed certificate and a certificate signed by your own CA aren't 
even remotely the same thing; I'm confused as to what you're trying to 
actually do.  The list of openssl commands you give shouldn't result in 
a self-signed certificate.  See section 4 of 
http://www.openssl.org/docs/HOWTO/certificates.txt for the incantation 
for a self-signed certificate.

> fetchmail: Server certificate verification error: self signed certificate
> fetchmail: Missing trust anchor certificate:
As a result, I'm kind of confused as to why fetchmail is complaining 
about a missing trust anchor for a self-signed certificate.  But that 
does lead to the question:  Did you install the CA certificate, CA.cert, 
where fetchmail will use it for verifying certificates? You should also 
realize that if you want to use your own CA, you're much better off not 
creating a new one willy-nilly, as you need to install the CA cert for 
every client which you want to actually verify the certificates signed 
by that CA.  See 
for more.

--Jon Radel
jon at radel.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3870 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20150510/d3cad6f8/attachment.bin>

More information about the freebsd-questions mailing list