1 |
Heiko Zinke <mails@××××××.com> [10-10-03 22:01]: |
2 |
> On Sat, Oct 02, 2010 at 12:31:38PM +0200, meino.cramer@×××.de wrote: |
3 |
> > Hi, |
4 |
> > |
5 |
> > fetchmail's log told me, that there is something wrong with the setup |
6 |
> > of the certificats. |
7 |
> > |
8 |
> > In the log there is the following section |
9 |
> > fetchmail: Server certificate: |
10 |
> > fetchmail: Issuer Organization: Thawte Consulting cc |
11 |
> > fetchmail: Issuer CommonName: Thawte Premium Server CA |
12 |
> > fetchmail: Subject CommonName: pop.gmx.net |
13 |
> > fetchmail: pop.gmx.net key fingerprint: A6:57:BC:4A:97:AD:DB:99:00:E9:3A:B8:81:55:D7:B6 |
14 |
> > fetchmail: Server certificate verification error: unable to get local issuer certificate |
15 |
> > fetchmail: This means that the root signing certificate (issued for /C=DE/ST=Bayern/L=Munich/O=GMX GmbH/CN=pop.gmx.net) is not in the trusted CA certificate locations, or that c_rehash needs to be run on the certificate directory. For details, please see the documentation of --sslcertpath and --sslcertfile in the manual page. |
16 |
> > fetchmail: Server certificate: |
17 |
> > fetchmail: Issuer Organization: Thawte Consulting cc |
18 |
> > fetchmail: Issuer CommonName: Thawte Premium Server CA |
19 |
> > fetchmail: Subject CommonName: pop.gmx.net |
20 |
> > fetchmail: Server certificate verification error: certificate not trusted |
21 |
> > fetchmail: Server certificate: |
22 |
> > fetchmail: Issuer Organization: Thawte Consulting cc |
23 |
> > fetchmail: Issuer CommonName: Thawte Premium Server CA |
24 |
> > fetchmail: Subject CommonName: pop.gmx.net |
25 |
> > fetchmail: Server certificate verification error: unable to verify the first certificate |
26 |
> > fetchmail: Warning: the connection is insecure, continuing anyways. (Better use --sslcertck!) |
27 |
> > |
28 |
> > |
29 |
> > In beforehand I did the following: |
30 |
> |
31 |
> i did pretty much the same thing without success :( |
32 |
> |
33 |
> but the sslcertfile option in the default section of my .fetchmailrc finaly solved the problem: |
34 |
> heiko@chiefwiggum:~> cat .fetchmailrc |
35 |
> defaults |
36 |
> proto pop3 |
37 |
> limit 0 |
38 |
> mda "/usr/bin/procmail -d %T" |
39 |
> sslcertfile /etc/ssl/certs/ca-certificates.crt |
40 |
> |
41 |
> poll pop.1und1.de |
42 |
> user "xxx" keep ssl |
43 |
> |
44 |
> poll pop.gmx.net |
45 |
> user "xxx" keep ssl |
46 |
> |
47 |
> |
48 |
> option sslcertfile in the fetchmail manpage and the update-ca-certificates manpage gave me the hint. |
49 |
> |
50 |
> cheers |
51 |
> heiko |
52 |
> > |
53 |
> > |
54 |
> > |
55 |
> > |
56 |
> > |
57 |
> > |
58 |
Hi Heiko, |
59 |
|
60 |
looks good! ...and works! |
61 |
Thank you for your help! |
62 |
|
63 |
Best regards |
64 |
mcc |
65 |
|
66 |
|
67 |
|
68 |
> |
69 |
> -- |
70 |
> This email is not and cannot, by its nature, be confidential. En route |
71 |
> from me to you, it will pass across the public Internet, easily readable |
72 |
> by any number of system administrators along the way. If you have received |
73 |
> this message by mistake, it would be ridiculous for me to tell you not to |
74 |
> read it or copy to anyone else, because, let's face it, if it's a message |
75 |
> revealing confidential information or that could embarrass me intensely, |
76 |
> that's precisely what you'll do. Who wouldn't? Likewise, it is superfluous |
77 |
> for me to claim copyright in the contents, because I own that anyway, even |
78 |
> if you print out a hard copy or disseminate this message all over the known |
79 |
> universe. |
80 |
> I don't know why so many corporate mail servers feel impelled to attach |
81 |
> a disclaimer to the bottom of every email message saying otherwise. If |
82 |
> you don't know either, why not email your corporate lawyers and system |
83 |
> administrators and ask them why they insist on contributing so much to |
84 |
> the waste of bandwidth? To say nothing of making the presence of your mail |
85 |
> on public discussions or mailinglists of explicitly contratictory nature. |
86 |
> May as well just delete it, eh? Oh, and this message is probably plagued |
87 |
> with viruses as well. |