Hi,
fetchmail's log told me, that there is something wrong with the setup
of the certificats.
In the log there is the following section
fetchmail: Server certificate:
fetchmail: Issuer Organization: Thawte Consulting cc
fetchmail: Issuer CommonName: Thawte Premium Server CA
fetchmail: Subject CommonName: pop.gmx.net
fetchmail: pop.gmx.net key fingerprint:
A6:57:BC:4A:97:AD:DB:99:00:E9:3A:B8:81:55:D7:B6
fetchmail: Server certificate verification error: unable to get local
issuer certificate
fetchmail: This means that the root signing certificate (issued for
/C=DE/ST=Bayern/L=Munich/O=GMX GmbH/CN=pop.gmx.net) is not in the trusted CA
certificate locations, or that c_rehash needs to be run on the certificate
directory. For details, please see the documentation of --sslcertpath and
--sslcertfile in the manual page.
fetchmail: Server certificate:
fetchmail: Issuer Organization: Thawte Consulting cc
fetchmail: Issuer CommonName: Thawte Premium Server CA
fetchmail: Subject CommonName: pop.gmx.net
fetchmail: Server certificate verification error: certificate not trusted
fetchmail: Server certificate:
fetchmail: Issuer Organization: Thawte Consulting cc
fetchmail: Issuer CommonName: Thawte Premium Server CA
fetchmail: Subject CommonName: pop.gmx.net
fetchmail: Server certificate verification error: unable to verify the
first certificate
fetchmail: Warning: the connection is insecure, continuing anyways. (Better
use --sslcertck!)
In beforehand I did the following:
>From the output of this command
#> openssl s_client -connect pop.gmx.net:995 -showcerts
I copied the section
-----BEGIN CERTIFICATE-----
MIIDUzCCArygAwIBAgIQDNZUbIDJ5EM+DVSd5AzXOjANBgkqhkiG9w0BAQUFADCB
zjELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJ
Q2FwZSBUb3duMR0wGwYDVQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UE
CxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UEAxMYVGhh
d3RlIFByZW1pdW0gU2VydmVyIENBMSgwJgYJKoZIhvcNAQkBFhlwcmVtaXVtLXNl
cnZlckB0aGF3dGUuY29tMB4XDTEwMDQyMjAwMDAwMFoXDTEzMDUwOTIzNTk1OVow
WDELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJheWVybjEPMA0GA1UEBxQGTXVuaWNo
MREwDwYDVQQKFAhHTVggR21iSDEUMBIGA1UEAxQLcG9wLmdteC5uZXQwgZ8wDQYJ
KoZIhvcNAQEBBQADgY0AMIGJAoGBAMu3VYZP3YqpNweeIp+zIYtAlYL9Nya5hq6j
k+ShUtukV1746nqJto70+4oNhCYJ33mMw+vS5fODjuggG+Z1xcL5YU8mUyG2E7fH
YkfNtHHMhRntN15ml7Kv3c52kmOI09r2psnlNPkkNx5shneON8jZfXYlqQq5Vq1l
Hz+jEjFrAgMBAAGjgaYwgaMwDAYDVR0TAQH/BAIwADBABgNVHR8EOTA3MDWgM6Ax
hi9odHRwOi8vY3JsLnRoYXd0ZS5jb20vVGhhd3RlU2VydmVyUHJlbWl1bUNBLmNy
bDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwMgYIKwYBBQUHAQEEJjAk
MCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC50aGF3dGUuY29tMA0GCSqGSIb3DQEB
BQUAA4GBAF/BVQRh2QOAtH8491d2XIKqdRZNY4OUMh6qccb0xLGNTDx3E4iwoYHc
yi2axElQG+7VAEIbDftzfhVUttsPwLI0BM2Nvz6KkwnlrJmt9HuZOjyv9M6szCxX
jHqVXkTDtrvRzT3hHTLD63l4PAqAUDpR4Th4N23IyxpgVqmYZwoJ
-----END CERTIFICATE-----
into a file "pop.gmx.net.pem" and copied ths file into
/etc/fetchmail/certs
Than I downloaded the whole package of root certificates from here
https://www.verisign.com/support/thawte-roots.zip
unpacked it and copied each *.pem file into /etc/fetchmail/certs also.
I renamend the files to not to contain blanks with detox.
Then I run as root the command
$> c_rehash /etc/fetchmail/certs
I checked /etc/fetchmail/certs and found all files being symlinked to
something which looks like hash keys (?).
c_hash does not submit any error message.
After this I added below the poll section of my accounts
$HOME/.fetchmailrc the following line:
sslcertpath /etc/fetchmail/certs
Nonetheless fetchmail complains about local certifcates.
What do I have to do to fix this ?
Best regards and thank you for any help in advance!
mcc
