Certificate error
Jon Radel
jon at radel.com
Mon May 11 03:10:22 UTC 2015
On 5/10/15 5:07 PM, Ernie Luzar wrote:
> Hello list;
> Been trying to setup qpopper to use TLS.
> I am stuck at getting a self signed certificate to work.
> Running fetchmail on the host to get a good log of what is really
> happening
> as shown below. After that list is the script I use to build the
> certificates.
> Maybe some one can seen what I am doing wrong in the build cert script
> based on the errors shown in the fetchmail list..
> Thanks
A self-signed certificate and a certificate signed by your own CA aren't
even remotely the same thing; I'm confused as to what you're trying to
actually do. The list of openssl commands you give shouldn't result in
a self-signed certificate. See section 4 of
http://www.openssl.org/docs/HOWTO/certificates.txt for the incantation
for a self-signed certificate.
>
>
> fetchmail: Server certificate verification error: self signed certificate
> fetchmail: Missing trust anchor certificate:
>
>
As a result, I'm kind of confused as to why fetchmail is complaining
about a missing trust anchor for a self-signed certificate. But that
does lead to the question: Did you install the CA certificate, CA.cert,
where fetchmail will use it for verifying certificates? You should also
realize that if you want to use your own CA, you're much better off not
creating a new one willy-nilly, as you need to install the CA cert for
every client which you want to actually verify the certificates signed
by that CA. See
http://lists.ccil.org/pipermail/fetchmail-friends/2006-April/010051.html
for more.
--Jon Radel
jon at radel.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3870 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20150510/d3cad6f8/attachment.bin>
More information about the freebsd-questions
mailing list