1 |
Hi, |
2 |
|
3 |
fetchmail's log told me, that there is something wrong with the setup |
4 |
of the certificats. |
5 |
|
6 |
In the log there is the following section |
7 |
fetchmail: Server certificate: |
8 |
fetchmail: Issuer Organization: Thawte Consulting cc |
9 |
fetchmail: Issuer CommonName: Thawte Premium Server CA |
10 |
fetchmail: Subject CommonName: pop.gmx.net |
11 |
fetchmail: pop.gmx.net key fingerprint: A6:57:BC:4A:97:AD:DB:99:00:E9:3A:B8:81:55:D7:B6 |
12 |
fetchmail: Server certificate verification error: unable to get local issuer certificate |
13 |
fetchmail: This means that the root signing certificate (issued for /C=DE/ST=Bayern/L=Munich/O=GMX GmbH/CN=pop.gmx.net) is not in the trusted CA certificate locations, or that c_rehash needs to be run on the certificate directory. For details, please see the documentation of --sslcertpath and --sslcertfile in the manual page. |
14 |
fetchmail: Server certificate: |
15 |
fetchmail: Issuer Organization: Thawte Consulting cc |
16 |
fetchmail: Issuer CommonName: Thawte Premium Server CA |
17 |
fetchmail: Subject CommonName: pop.gmx.net |
18 |
fetchmail: Server certificate verification error: certificate not trusted |
19 |
fetchmail: Server certificate: |
20 |
fetchmail: Issuer Organization: Thawte Consulting cc |
21 |
fetchmail: Issuer CommonName: Thawte Premium Server CA |
22 |
fetchmail: Subject CommonName: pop.gmx.net |
23 |
fetchmail: Server certificate verification error: unable to verify the first certificate |
24 |
fetchmail: Warning: the connection is insecure, continuing anyways. (Better use --sslcertck!) |
25 |
|
26 |
|
27 |
In beforehand I did the following: |
28 |
|
29 |
From the output of this command |
30 |
#> openssl s_client -connect pop.gmx.net:995 -showcerts |
31 |
|
32 |
I copied the section |
33 |
|
34 |
-----BEGIN CERTIFICATE----- |
35 |
MIIDUzCCArygAwIBAgIQDNZUbIDJ5EM+DVSd5AzXOjANBgkqhkiG9w0BAQUFADCB |
36 |
zjELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJ |
37 |
Q2FwZSBUb3duMR0wGwYDVQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UE |
38 |
CxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UEAxMYVGhh |
39 |
d3RlIFByZW1pdW0gU2VydmVyIENBMSgwJgYJKoZIhvcNAQkBFhlwcmVtaXVtLXNl |
40 |
cnZlckB0aGF3dGUuY29tMB4XDTEwMDQyMjAwMDAwMFoXDTEzMDUwOTIzNTk1OVow |
41 |
WDELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJheWVybjEPMA0GA1UEBxQGTXVuaWNo |
42 |
MREwDwYDVQQKFAhHTVggR21iSDEUMBIGA1UEAxQLcG9wLmdteC5uZXQwgZ8wDQYJ |
43 |
KoZIhvcNAQEBBQADgY0AMIGJAoGBAMu3VYZP3YqpNweeIp+zIYtAlYL9Nya5hq6j |
44 |
k+ShUtukV1746nqJto70+4oNhCYJ33mMw+vS5fODjuggG+Z1xcL5YU8mUyG2E7fH |
45 |
YkfNtHHMhRntN15ml7Kv3c52kmOI09r2psnlNPkkNx5shneON8jZfXYlqQq5Vq1l |
46 |
Hz+jEjFrAgMBAAGjgaYwgaMwDAYDVR0TAQH/BAIwADBABgNVHR8EOTA3MDWgM6Ax |
47 |
hi9odHRwOi8vY3JsLnRoYXd0ZS5jb20vVGhhd3RlU2VydmVyUHJlbWl1bUNBLmNy |
48 |
bDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwMgYIKwYBBQUHAQEEJjAk |
49 |
MCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC50aGF3dGUuY29tMA0GCSqGSIb3DQEB |
50 |
BQUAA4GBAF/BVQRh2QOAtH8491d2XIKqdRZNY4OUMh6qccb0xLGNTDx3E4iwoYHc |
51 |
yi2axElQG+7VAEIbDftzfhVUttsPwLI0BM2Nvz6KkwnlrJmt9HuZOjyv9M6szCxX |
52 |
jHqVXkTDtrvRzT3hHTLD63l4PAqAUDpR4Th4N23IyxpgVqmYZwoJ |
53 |
-----END CERTIFICATE----- |
54 |
|
55 |
into a file "pop.gmx.net.pem" and copied ths file into |
56 |
/etc/fetchmail/certs |
57 |
|
58 |
Than I downloaded the whole package of root certificates from here |
59 |
https://www.verisign.com/support/thawte-roots.zip |
60 |
unpacked it and copied each *.pem file into /etc/fetchmail/certs also. |
61 |
I renamend the files to not to contain blanks with detox. |
62 |
|
63 |
|
64 |
Then I run as root the command |
65 |
$> c_rehash /etc/fetchmail/certs |
66 |
|
67 |
I checked /etc/fetchmail/certs and found all files being symlinked to |
68 |
something which looks like hash keys (?). |
69 |
|
70 |
c_hash does not submit any error message. |
71 |
|
72 |
After this I added below the poll section of my accounts |
73 |
$HOME/.fetchmailrc the following line: |
74 |
|
75 |
sslcertpath /etc/fetchmail/certs |
76 |
|
77 |
Nonetheless fetchmail complains about local certifcates. |
78 |
|
79 |
What do I have to do to fix this ? |
80 |
|
81 |
Best regards and thank you for any help in advance! |
82 |
mcc |