| 1 |
On Sat, Oct 02, 2010 at 12:31:38PM +0200, meino.cramer@×××.de wrote: |
| 2 |
> Hi, |
| 3 |
> |
| 4 |
> fetchmail's log told me, that there is something wrong with the setup |
| 5 |
> of the certificats. |
| 6 |
> |
| 7 |
> In the log there is the following section |
| 8 |
> fetchmail: Server certificate: |
| 9 |
> fetchmail: Issuer Organization: Thawte Consulting cc |
| 10 |
> fetchmail: Issuer CommonName: Thawte Premium Server CA |
| 11 |
> fetchmail: Subject CommonName: pop.gmx.net |
| 12 |
> fetchmail: pop.gmx.net key fingerprint: A6:57:BC:4A:97:AD:DB:99:00:E9:3A:B8:81:55:D7:B6 |
| 13 |
> fetchmail: Server certificate verification error: unable to get local issuer certificate |
| 14 |
> fetchmail: This means that the root signing certificate (issued for /C=DE/ST=Bayern/L=Munich/O=GMX GmbH/CN=pop.gmx.net) is not in the trusted CA certificate locations, or that c_rehash needs to be run on the certificate directory. For details, please see the documentation of --sslcertpath and --sslcertfile in the manual page. |
| 15 |
> fetchmail: Server certificate: |
| 16 |
> fetchmail: Issuer Organization: Thawte Consulting cc |
| 17 |
> fetchmail: Issuer CommonName: Thawte Premium Server CA |
| 18 |
> fetchmail: Subject CommonName: pop.gmx.net |
| 19 |
> fetchmail: Server certificate verification error: certificate not trusted |
| 20 |
> fetchmail: Server certificate: |
| 21 |
> fetchmail: Issuer Organization: Thawte Consulting cc |
| 22 |
> fetchmail: Issuer CommonName: Thawte Premium Server CA |
| 23 |
> fetchmail: Subject CommonName: pop.gmx.net |
| 24 |
> fetchmail: Server certificate verification error: unable to verify the first certificate |
| 25 |
> fetchmail: Warning: the connection is insecure, continuing anyways. (Better use --sslcertck!) |
| 26 |
> |
| 27 |
> |
| 28 |
> In beforehand I did the following: |
| 29 |
|
| 30 |
i did pretty much the same thing without success :( |
| 31 |
|
| 32 |
but the sslcertfile option in the default section of my .fetchmailrc finaly solved the problem: |
| 33 |
heiko@chiefwiggum:~> cat .fetchmailrc |
| 34 |
defaults |
| 35 |
proto pop3 |
| 36 |
limit 0 |
| 37 |
mda "/usr/bin/procmail -d %T" |
| 38 |
sslcertfile /etc/ssl/certs/ca-certificates.crt |
| 39 |
|
| 40 |
poll pop.1und1.de |
| 41 |
user "xxx" keep ssl |
| 42 |
|
| 43 |
poll pop.gmx.net |
| 44 |
user "xxx" keep ssl |
| 45 |
|
| 46 |
|
| 47 |
option sslcertfile in the fetchmail manpage and the update-ca-certificates manpage gave me the hint. |
| 48 |
|
| 49 |
cheers |
| 50 |
heiko |
| 51 |
> |
| 52 |
> |
| 53 |
> |
| 54 |
> |
| 55 |
> |
| 56 |
> |
| 57 |
|
| 58 |
-- |
| 59 |
This email is not and cannot, by its nature, be confidential. En route |
| 60 |
from me to you, it will pass across the public Internet, easily readable |
| 61 |
by any number of system administrators along the way. If you have received |
| 62 |
this message by mistake, it would be ridiculous for me to tell you not to |
| 63 |
read it or copy to anyone else, because, let's face it, if it's a message |
| 64 |
revealing confidential information or that could embarrass me intensely, |
| 65 |
that's precisely what you'll do. Who wouldn't? Likewise, it is superfluous |
| 66 |
for me to claim copyright in the contents, because I own that anyway, even |
| 67 |
if you print out a hard copy or disseminate this message all over the known |
| 68 |
universe. |
| 69 |
I don't know why so many corporate mail servers feel impelled to attach |
| 70 |
a disclaimer to the bottom of every email message saying otherwise. If |
| 71 |
you don't know either, why not email your corporate lawyers and system |
| 72 |
administrators and ask them why they insist on contributing so much to |
| 73 |
the waste of bandwidth? To say nothing of making the presence of your mail |
| 74 |
on public discussions or mailinglists of explicitly contratictory nature. |
| 75 |
May as well just delete it, eh? Oh, and this message is probably plagued |
| 76 |
with viruses as well. |
Archives