Certificate error
Ernie Luzar
luzar722 at gmail.com
Mon May 11 23:40:39 UTC 2015
Lowell Gilbert wrote:
Ernie Luzar [1]<luzar722 at gmail.com> writes:
When I run fetchmail againest my ISP mail pop server it runs fine and
populates my postfix server and shows basically the same log
sequence.
Your ISP's POP server has a certificate signed by a certificate
authority that fetchmail trusts.
I just change the poll and user statements in
.fetchmailrc.
Your personal POP server does *not* have a certificate signed by a
certificate authority that fetchmail trusts.
Please answer the following question as directly as you can: how did you
configure fetchmail to accept the certificate being used by your
personal POP server?
The normal way you configure fetchmail to accept a self-signed
certificate is by using the "sslfingerprint" option in your
.fetchmailrc file. Have you done this?
No
When I tried to get the fingerprint source
openssl s_client -connect pop.a1poweruser.com:110 -showcerts
CONNECTED(00000003)
675508300:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
protocol:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_cln
t.c:795:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 307 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
I thought qpopper would have launched TLS when s_client connected. At a
lost of what to do next.
Here is my qpopper.conf
set server-mode = true
set statistics = true
set shy = true
set fast-update = true
set reverse-lookup = false
set log-facility = mail
set tls-support = stls
set clear-text-password = tls
set tls-server-cert-file = /usr/local/etc/qpopper/fme-cert.pem
set tls-private-key-file = /usr/local/etc/qpopper/fme-key.pem
References
1. mailto:luzar722 at gmail.com
More information about the freebsd-questions
mailing list