Re: [gentoo-user] fetchmail + certs = problems - gentoo-user

From:	meino.cramer@×××.de
To:	gentoo-user@l.g.o
Subject:	Re: [gentoo-user] fetchmail + certs = problems
Date:	Mon, 04 Oct 2010 01:05:28
Message-Id:	`20101004003125.GA5738@solfire`
In Reply to:	Re: [gentoo-user] fetchmail + certs = problems by Heiko Zinke

1

Heiko Zinke <mails@××××××.com> [10-10-03 22:01]:

2

> On Sat, Oct 02, 2010 at 12:31:38PM +0200, meino.cramer@×××.de wrote:

3

> > Hi,

4

> >

5

> > fetchmail's log told me, that there is something wrong with the setup

6

> > of the certificats.

7

> >

8

> > In the log there is the following section

9

> >     fetchmail: Server certificate:

10

> >     fetchmail: Issuer Organization: Thawte Consulting cc

11

> >     fetchmail: Issuer CommonName: Thawte Premium Server CA

12

> >     fetchmail: Subject CommonName: pop.gmx.net

13

> >     fetchmail: pop.gmx.net key fingerprint: A6:57:BC:4A:97:AD:DB:99:00:E9:3A:B8:81:55:D7:B6

14

> >     fetchmail: Server certificate verification error: unable to get local issuer certificate

15

> >     fetchmail: This means that the root signing certificate (issued for /C=DE/ST=Bayern/L=Munich/O=GMX GmbH/CN=pop.gmx.net) is not in the trusted CA certificate locations, or that c_rehash needs to be run on the certificate directory. For details, please see the documentation of --sslcertpath and --sslcertfile in the manual page.

16

> >     fetchmail: Server certificate:

17

> >     fetchmail: Issuer Organization: Thawte Consulting cc

18

> >     fetchmail: Issuer CommonName: Thawte Premium Server CA

19

> >     fetchmail: Subject CommonName: pop.gmx.net

20

> >     fetchmail: Server certificate verification error: certificate not trusted

21

> >     fetchmail: Server certificate:

22

> >     fetchmail: Issuer Organization: Thawte Consulting cc

23

> >     fetchmail: Issuer CommonName: Thawte Premium Server CA

24

> >     fetchmail: Subject CommonName: pop.gmx.net

25

> >     fetchmail: Server certificate verification error: unable to verify the first certificate

26

> >     fetchmail: Warning: the connection is insecure, continuing anyways. (Better use --sslcertck!)

27

> >

28

> >

29

> > In beforehand I did the following:

30

>

31

> i did pretty much the same thing without success :(

32

>

33

> but the sslcertfile option in the default section of my .fetchmailrc finaly solved the problem:

34

> heiko@chiefwiggum:~> cat .fetchmailrc

35

> defaults

36

>     proto pop3

37

>     limit 0

38

>     mda "/usr/bin/procmail -d %T"

39

>     sslcertfile /etc/ssl/certs/ca-certificates.crt

40

>

41

> poll pop.1und1.de

42

>     user "xxx" keep ssl

43

>

44

> poll pop.gmx.net

45

>     user "xxx" keep ssl

46

>

47

>

48

> option sslcertfile in the fetchmail manpage and the update-ca-certificates manpage gave me the hint.

49

>

50

> cheers

51

> heiko

52

> >

53

> >

54

> >

55

> >

56

> >

57

> >

58

Hi Heiko,

59

60

looks good! ...and works!

61

Thank you for your help!

62

63

Best regards

64

mcc

>

69

> --

70

> This email is not and cannot, by its nature, be confidential. En route

71

> from me to you, it will pass across the public Internet, easily readable

72

> by any number of system administrators along the way. If you have received

73

> this message by mistake, it would be ridiculous for me to tell you not to

74

> read it or copy to anyone else, because, let's face it, if it's a message

75

> revealing confidential information or that could embarrass me intensely,

76

> that's precisely what you'll do. Who wouldn't? Likewise, it is superfluous

77

> for me to claim copyright in the contents, because I own that anyway, even

78

> if you print out a hard copy or disseminate this message all over the known

79

> universe.

80

> I don't know why so many corporate mail servers feel impelled to attach

81

> a disclaimer to the bottom of every email message saying otherwise. If

82

> you don't know either, why not email your corporate lawyers and system

83

> administrators and ask them why they insist on contributing so much to

84

> the waste of bandwidth? To say nothing of making the presence of your mail

85

> on public discussions or mailinglists of explicitly contratictory nature.

86

> May as well just delete it, eh? Oh, and this message is probably plagued

87

> with viruses as well.

1	Heiko Zinke <mails@××××××.com> [10-10-03 22:01]:
2	> On Sat, Oct 02, 2010 at 12:31:38PM +0200, meino.cramer@×××.de wrote:
3	> > Hi,
4	> >
5	> > fetchmail's log told me, that there is something wrong with the setup
6	> > of the certificats.
7	> >
8	> > In the log there is the following section
9	> > fetchmail: Server certificate:
10	> > fetchmail: Issuer Organization: Thawte Consulting cc
11	> > fetchmail: Issuer CommonName: Thawte Premium Server CA
12	> > fetchmail: Subject CommonName: pop.gmx.net
13	> > fetchmail: pop.gmx.net key fingerprint: A6:57:BC:4A:97:AD:DB:99:00:E9:3A:B8:81:55:D7:B6
14	> > fetchmail: Server certificate verification error: unable to get local issuer certificate
15	> > fetchmail: This means that the root signing certificate (issued for /C=DE/ST=Bayern/L=Munich/O=GMX GmbH/CN=pop.gmx.net) is not in the trusted CA certificate locations, or that c_rehash needs to be run on the certificate directory. For details, please see the documentation of --sslcertpath and --sslcertfile in the manual page.
16	> > fetchmail: Server certificate:
17	> > fetchmail: Issuer Organization: Thawte Consulting cc
18	> > fetchmail: Issuer CommonName: Thawte Premium Server CA
19	> > fetchmail: Subject CommonName: pop.gmx.net
20	> > fetchmail: Server certificate verification error: certificate not trusted
21	> > fetchmail: Server certificate:
22	> > fetchmail: Issuer Organization: Thawte Consulting cc
23	> > fetchmail: Issuer CommonName: Thawte Premium Server CA
24	> > fetchmail: Subject CommonName: pop.gmx.net
25	> > fetchmail: Server certificate verification error: unable to verify the first certificate
26	> > fetchmail: Warning: the connection is insecure, continuing anyways. (Better use --sslcertck!)
27	> >
28	> >
29	> > In beforehand I did the following:
30	>
31	> i did pretty much the same thing without success :(
32	>
33	> but the sslcertfile option in the default section of my .fetchmailrc finaly solved the problem:
34	> heiko@chiefwiggum:~> cat .fetchmailrc
35	> defaults
36	> proto pop3
37	> limit 0
38	> mda "/usr/bin/procmail -d %T"
39	> sslcertfile /etc/ssl/certs/ca-certificates.crt
40	>
41	> poll pop.1und1.de
42	> user "xxx" keep ssl
43	>
44	> poll pop.gmx.net
45	> user "xxx" keep ssl
46	>
47	>
48	> option sslcertfile in the fetchmail manpage and the update-ca-certificates manpage gave me the hint.
49	>
50	> cheers
51	> heiko
52	> >
53	> >
54	> >
55	> >
56	> >
57	> >
58	Hi Heiko,
59
60	looks good! ...and works!
61	Thank you for your help!
62
63	Best regards
64	mcc
65
66
67
68	>
69	> --
70	> This email is not and cannot, by its nature, be confidential. En route
71	> from me to you, it will pass across the public Internet, easily readable
72	> by any number of system administrators along the way. If you have received
73	> this message by mistake, it would be ridiculous for me to tell you not to
74	> read it or copy to anyone else, because, let's face it, if it's a message
75	> revealing confidential information or that could embarrass me intensely,
76	> that's precisely what you'll do. Who wouldn't? Likewise, it is superfluous
77	> for me to claim copyright in the contents, because I own that anyway, even
78	> if you print out a hard copy or disseminate this message all over the known
79	> universe.
80	> I don't know why so many corporate mail servers feel impelled to attach
81	> a disclaimer to the bottom of every email message saying otherwise. If
82	> you don't know either, why not email your corporate lawyers and system
83	> administrators and ask them why they insist on contributing so much to
84	> the waste of bandwidth? To say nothing of making the presence of your mail
85	> on public discussions or mailinglists of explicitly contratictory nature.
86	> May as well just delete it, eh? Oh, and this message is probably plagued
87	> with viruses as well.

Gentoo Archives: gentoo-user