Certificate error

Ernie Luzar luzar722 at gmail.com
Mon May 11 23:40:39 UTC 2015

   Lowell Gilbert wrote:

Ernie Luzar [1]<luzar722 at gmail.com> writes:

When I run fetchmail againest my ISP mail pop server it runs fine and
populates my postfix server and shows basically the same log

Your ISP's POP server has a certificate signed by a certificate
authority that fetchmail trusts.

          I just change the poll  and user statements in

Your personal POP server does *not* have a certificate signed by a
certificate authority that fetchmail trusts.

Please answer the following question as directly as you can: how did you
configure fetchmail to accept the certificate being used by your
personal POP server?

The normal way you configure fetchmail to accept a self-signed
certificate is by using the "sslfingerprint" option in your
.fetchmailrc file. Have you done this?

   When I tried to get the fingerprint source
   openssl s_client -connect pop.a1poweruser.com:110 -showcerts
   675508300:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
   no peer certificate available
   No client certificate CA names sent
   SSL handshake has read 7 bytes and written 307 bytes
   New, (NONE), Cipher is (NONE)
   Secure Renegotiation IS NOT supported
   Compression: NONE
   Expansion: NONE
   I thought qpopper would have launched TLS when s_client connected. At a
   lost of what to do next.
   Here is my qpopper.conf
   set server-mode = true
   set statistics = true
   set shy = true
   set fast-update = true
   set reverse-lookup = false
   set log-facility = mail
   set tls-support = stls
   set clear-text-password = tls
   set tls-server-cert-file = /usr/local/etc/qpopper/fme-cert.pem
   set tls-private-key-file = /usr/local/etc/qpopper/fme-key.pem


   1. mailto:luzar722 at gmail.com

More information about the freebsd-questions mailing list