On Mon, Nov 10, 2008 at 10:52:41PM -0800, Jeremy Chadwick wrote: > On Tue, Nov 11, 2008 at 07:18:31AM +0100, Polytropon wrote: > > Secondly, this is a very, very common question on the fetchmail-users > public mailing list (not at freebsd.org). Google returns hundreds of > results for "unable to get local issuer" fetchmail.
Perhaps now but it wasn't as common a couple of weeks ago when it bit me. > These messages mean that the POP3+SSL or IMAP+SSL server's SSL certs > cannot be verified by fetchmail. What you see are warnings, not > errors, which is why fetching mail works regardless. It's recommended > you fix the warnings. Yes, they were warnings that TLS failed and that it fell back to unencrypted plain password. :-( Run "fetchmail -v" and see precisely what the failure was and the solution. > fetchmail-6.3.8_7, and a couple earlier versions (I would have to check > to see when it was added), include security/ca_root_nss as a dependency. I already had that but still had the problem. > That port includes a list of common public CAs which certificates (on > the server) can be verified against. Running "fetchmail -v" I saw that I needed "Equifax Secure Global eBusiness CA-1" which was apparently lacking from ca_root_nss. Downloaded from Equifax (Safari on MacOS was happy with their cert) and added them myself to /usr/local/certs. Some instructions said one must run some sort of indexing utility against the certs. I found the utility somewhere practically hidden and tried it. Generated files unlike anything I had previously. Deleted extra and everything works anyway. -- David Kelly N4HHE, [EMAIL PROTECTED] ======================================================================== Whom computers would destroy, they must first drive mad. _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"