[gentoo-user] Re: Importing Certificate Authority
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Fri, June 15, 2007 18:34, Willie Wong wrote: Hi group, Is there anyway of importing a certificate authority for just one user? My university/department uses a self-signed SSL certificate for IMAPS, and since it was implemented, 'fetchmail' from my machine always generates an error message fetchmail: Server certificate verification error: self-signed certificate in certifiate chain and so my inbox gets slightly cluttered with these error messages from the cron job. So the certificate (I think) is here: http://www.math.princeton.edu/math.crt How do I tell my computer to trust the certificate? (In particular, with fetchmail?) Retrieve the certificate from the previous address and move it to a directory D, and add the following lines to your .fetchmailrc : = sslcertpath D # where D is the directory where is the certificate = You can also add sslcertck if you want fetchmail to check whether the certificate presented by the server is trusted or not... Thanks, W -- M: I hope I don't squish your head. (Leaning back on chair) W: It's okay. Wait a minute. It's NOT okay (Lying under chair) Sortir en Pantoufles: up 189 days, 14:44 -- [EMAIL PROTECTED] mailing list - -- http://www.linuxant.fr/ -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.4 (GNU/Linux) iD8DBQFGcsiAmSNaOeTZvg0RArAeAKCh2yCoX2k/l3x00rWy4p8LiA0e7ACgv7AM UyMPcpGI/d2M16OkJftmGEg= =EyGI -END PGP SIGNATURE- -- [EMAIL PROTECTED] mailing list
[gentoo-user] Re: Importing Certificate Authority
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Fri, June 15, 2007 19:12, Xavier Parizet wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Fri, June 15, 2007 18:34, Willie Wong wrote: Hi group, Is there anyway of importing a certificate authority for just one user? My university/department uses a self-signed SSL certificate for IMAPS, and since it was implemented, 'fetchmail' from my machine always generates an error message fetchmail: Server certificate verification error: self-signed certificate in certifiate chain and so my inbox gets slightly cluttered with these error messages from the cron job. So the certificate (I think) is here: http://www.math.princeton.edu/math.crt How do I tell my computer to trust the certificate? (In particular, with fetchmail?) Retrieve the certificate from the previous address and move it to a directory D, and add the following lines to your .fetchmailrc : = sslcertpath D # where D is the directory where is the certificate = You can also add sslcertck if you want fetchmail to check whether the certificate presented by the server is trusted or not... I forget to tell you that you have to run c_rehash in the directory where you have stored the certificate to make symbolic links whith his hash value... Thanks, W -- M: I hope I don't squish your head. (Leaning back on chair) W: It's okay. Wait a minute. It's NOT okay (Lying under chair) Sortir en Pantoufles: up 189 days, 14:44 -- [EMAIL PROTECTED] mailing list - -- http://www.linuxant.fr/ -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.4 (GNU/Linux) iD8DBQFGcsiAmSNaOeTZvg0RArAeAKCh2yCoX2k/l3x00rWy4p8LiA0e7ACgv7AM UyMPcpGI/d2M16OkJftmGEg= =EyGI -END PGP SIGNATURE- -- [EMAIL PROTECTED] mailing list - -- http://www.linuxant.fr/ -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.4 (GNU/Linux) iD8DBQFGctBCmSNaOeTZvg0RAq0pAKC3+qSUAX96lEoWgxya6yFbm4dRUQCbBADg fSlXLFhLiRIs8vPhwGxiBhg= =SnF2 -END PGP SIGNATURE- -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] Re: Importing Certificate Authority
On Fri, Jun 15, 2007 at 07:45:38PM +0200, Penguin Lover Xavier Parizet squawked: So the certificate (I think) is here: http://www.math.princeton.edu/math.crt How do I tell my computer to trust the certificate? (In particular, with fetchmail?) Retrieve the certificate from the previous address and move it to a directory D, and add the following lines to your .fetchmailrc : = sslcertpath D # where D is the directory where is the certificate = You can also add sslcertck if you want fetchmail to check whether the certificate presented by the server is trusted or not... Oh god, this is embarassing. Something that you wrote in there clicked, and I went back to my archives, and found that I actually wrote a miniHowto for my local LUG on precisely this about 16 months ago. So I have actually implemented what you wrote, just that I forgot about it. This also means that, unforunately, doing just this is not enough to prevent the self-signed certificate warning. But thanks to that, I got on the right direction: turns out that my department switched from using a self-signed certificate to using one from IPSCA, so I've been barking up the wrong tree when trying to solve the problem. The link that I gave was, apparent to me now, old, and so importing that cert had no impact. I went and imported the IPSCA root cert and now all's good. W -- His eyes seemed to be popping out of his head. He wasn't certain if this was because they were trying to see more clearly, or if they simply wanted to leave at this point. - Arthur trying to see who had diverted him from going to a party. Sortir en Pantoufles: up 189 days, 17:58 -- [EMAIL PROTECTED] mailing list
