On Thu, Mar 02, 2006 at 12:19:58PM -0500, Penguin Lover Willie Wong squawked: > [12:12 PM]wwong ~ $ fetchmail > fetchmail: Server certificate verification error: unable to get local issuer > certificate > fetchmail: Server certificate verification error: certificate not trusted > fetchmail: Server certificate verification error: unable to verify the first > certificate > > --sslcertpath <directory> > (Keyword: sslcertpath) Sets the directory fetchmail uses to look > up local certificates. The default is your OpenSSL default one. > The directory must be hashed as OpenSSL expects it - every time > you add or modify a certificate in the directory, you need to > use the c_rehash tool (which comes with OpenSSL in the tools/ > subdirectory). > > so I guess my question is how to import a certificate into OpenSSL? >
Nevermind, solved. First, download the certificate [say, "university.crt"] Second, [the step I was missing, from 'man x509'], openssl x509 -in university.crt -addtrust emailProtection -out uni.pem Third, put the file uni.pem into a directory, say ~/.my_trusted_certs Fourth, run c_rehash ~/.my_trusted_certs Fifth, edit the .fetchmailrc to append 'sslcertpath "$HOME/.my_trusted_certs"' to the university's line. Now it works without the error. W -- "All of this is on the web, so other people know it too." ~DeathMech, S. Sondhi. P-town PHY 205 Sortir en Pantoufles: up 110 days, 10:35 -- gentoo-user@gentoo.org mailing list
