Am 01.01.22 um 17:53 schrieb László Böszörményi (GCS): > On Sat, Jan 1, 2022 at 2:30 PM Karsten <deb...@decotrain.de> wrote: >> But it would be helpful for others what must be done to create and install >> this new "client side certificate" that >> appears about 2018? > I think the certificate issue was there right from the beginning.
Definitely no. Mails where fetched for about 5 years without any problem. > OpenSSL might not have forced its usage or just ignored it if it > wasn't present? But in modern times everyone should be aware of > privacy and if s/he really connects to the valid server and not > suffering a man in the middle attack. As noted, if you don't care > about your own safety, just use fetchmail with --nosslcertck. I'm caring about safety and privacy, that's the reason encryption with private certificates are used. > You should already have your Certificate Authority (CA) key. The > missing step documented there: > https://www.ssl.com/how-to/export-certificates-private-key-from-pkcs12-file-with-openssl/ > and is (where INFILE is your CA key in PKCS #12 format): > openssl pkcs12 -in INFILE.p12 -out OUTFILE.crt -nokeys > Then feed it to fetchmail with --sslcertfile. But I don't do it often, > might be wrong as I don't even know your particular state. In this case the original private certificate from the server is needed? Why a client must have additional files now to access an server? Sorry, but this basics are not understandable. Cheers karsten