I probably misunderstand how SSL certificates work. $ cat .fetchmailrc poll staff-imap-srv.bris.ac.uk protocol imap user "mexas" password "xxxxxxx" sslcertck sslcertfile /home/mexas/cert/uob-net-ca.crt fetchall $
$ fetchmail fetchmail: Server certificate verification error: self signed certificate in certificate chain fetchmail: This means that the root signing certificate (issued for /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root) is not in the trusted CA certificate locations, or that c_rehash needs to be run on the certificate directory. For details, please see the documentation of --sslcertpath and --sslcertfile in the manual page. 98631:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:984: fetchmail: staff-imap-srv.bris.ac.uk: upgrade to TLS failed. fetchmail: Unknown login or authentication error on me...@epo.bris.ac.uk fetchmail: socket error while fetching from me...@staff-imap-srv.bris.ac.uk fetchmail: Query status=2 (SOCKET) $ The /home/mexas/cert/uob-net-ca.crt file is supposed to be the univerisity certificate: -----BEGIN CERTIFICATE----- *several lines* -----END CERTIFICATE----- $ openssl verify uob-net-ca.crt uob-net-ca.crt: /O=University of Bristol/OU=IT Services (Networks)/emailAddress=service-d...@bristol.ac.uk/L=Bristol/ST=Avon/C=GB/CN=University of Bristol Net CA error 18 at 0 depth lookup:self signed certificate OK $ I read in the fetchmail manual something about c_rehash script, but I can only find one in /usr/ports/mail/cone/scripts/c_rehash The fetchmail also mentions that: *quote* Additionally, you might need to convert the certificates to different formats (the PEM format is expected and usually is available, DER is another one; you can convert between both using the openssl(1) utility's x509 sub-mode). *end quote* So, I'm not sure if I need to convert my certificate to PEM format or not? Please advise Many thanks -- Anton Shterenlikht Room 2.6, Queen's Building Mech Eng Dept Bristol University University Walk, Bristol BS8 1TR, UK Tel: +44 (0)117 331 5944 Fax: +44 (0)117 929 4423 _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
