1 |
On Sat, Oct 02, 2010 at 12:31:38PM +0200, meino.cramer@×××.de wrote: |
2 |
> Hi, |
3 |
> |
4 |
> fetchmail's log told me, that there is something wrong with the setup |
5 |
> of the certificats. |
6 |
> |
7 |
> In the log there is the following section |
8 |
> fetchmail: Server certificate: |
9 |
> fetchmail: Issuer Organization: Thawte Consulting cc |
10 |
> fetchmail: Issuer CommonName: Thawte Premium Server CA |
11 |
> fetchmail: Subject CommonName: pop.gmx.net |
12 |
> fetchmail: pop.gmx.net key fingerprint: A6:57:BC:4A:97:AD:DB:99:00:E9:3A:B8:81:55:D7:B6 |
13 |
> fetchmail: Server certificate verification error: unable to get local issuer certificate |
14 |
> fetchmail: This means that the root signing certificate (issued for /C=DE/ST=Bayern/L=Munich/O=GMX GmbH/CN=pop.gmx.net) is not in the trusted CA certificate locations, or that c_rehash needs to be run on the certificate directory. For details, please see the documentation of --sslcertpath and --sslcertfile in the manual page. |
15 |
> fetchmail: Server certificate: |
16 |
> fetchmail: Issuer Organization: Thawte Consulting cc |
17 |
> fetchmail: Issuer CommonName: Thawte Premium Server CA |
18 |
> fetchmail: Subject CommonName: pop.gmx.net |
19 |
> fetchmail: Server certificate verification error: certificate not trusted |
20 |
> fetchmail: Server certificate: |
21 |
> fetchmail: Issuer Organization: Thawte Consulting cc |
22 |
> fetchmail: Issuer CommonName: Thawte Premium Server CA |
23 |
> fetchmail: Subject CommonName: pop.gmx.net |
24 |
> fetchmail: Server certificate verification error: unable to verify the first certificate |
25 |
> fetchmail: Warning: the connection is insecure, continuing anyways. (Better use --sslcertck!) |
26 |
> |
27 |
> |
28 |
> In beforehand I did the following: |
29 |
|
30 |
i did pretty much the same thing without success :( |
31 |
|
32 |
but the sslcertfile option in the default section of my .fetchmailrc finaly solved the problem: |
33 |
heiko@chiefwiggum:~> cat .fetchmailrc |
34 |
defaults |
35 |
proto pop3 |
36 |
limit 0 |
37 |
mda "/usr/bin/procmail -d %T" |
38 |
sslcertfile /etc/ssl/certs/ca-certificates.crt |
39 |
|
40 |
poll pop.1und1.de |
41 |
user "xxx" keep ssl |
42 |
|
43 |
poll pop.gmx.net |
44 |
user "xxx" keep ssl |
45 |
|
46 |
|
47 |
option sslcertfile in the fetchmail manpage and the update-ca-certificates manpage gave me the hint. |
48 |
|
49 |
cheers |
50 |
heiko |
51 |
> |
52 |
> |
53 |
> |
54 |
> |
55 |
> |
56 |
> |
57 |
|
58 |
-- |
59 |
This email is not and cannot, by its nature, be confidential. En route |
60 |
from me to you, it will pass across the public Internet, easily readable |
61 |
by any number of system administrators along the way. If you have received |
62 |
this message by mistake, it would be ridiculous for me to tell you not to |
63 |
read it or copy to anyone else, because, let's face it, if it's a message |
64 |
revealing confidential information or that could embarrass me intensely, |
65 |
that's precisely what you'll do. Who wouldn't? Likewise, it is superfluous |
66 |
for me to claim copyright in the contents, because I own that anyway, even |
67 |
if you print out a hard copy or disseminate this message all over the known |
68 |
universe. |
69 |
I don't know why so many corporate mail servers feel impelled to attach |
70 |
a disclaimer to the bottom of every email message saying otherwise. If |
71 |
you don't know either, why not email your corporate lawyers and system |
72 |
administrators and ask them why they insist on contributing so much to |
73 |
the waste of bandwidth? To say nothing of making the presence of your mail |
74 |
on public discussions or mailinglists of explicitly contratictory nature. |
75 |
May as well just delete it, eh? Oh, and this message is probably plagued |
76 |
with viruses as well. |