Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 11 May 2015 19:41:13 -0400
From:      Ernie Luzar <>
Subject:   Re: Certificate error
Message-ID:  <>
In-Reply-To: <>
References:  <> <>	<> <>	<> <>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
   Lowell Gilbert wrote:

Ernie Luzar [1]<> writes:

When I run fetchmail againest my ISP mail pop server it runs fine and
populates my postfix server and shows basically the same log

Your ISP's POP server has a certificate signed by a certificate
authority that fetchmail trusts.

          I just change the poll  and user statements in

Your personal POP server does *not* have a certificate signed by a
certificate authority that fetchmail trusts.

Please answer the following question as directly as you can: how did you
configure fetchmail to accept the certificate being used by your
personal POP server?

The normal way you configure fetchmail to accept a self-signed
certificate is by using the "sslfingerprint" option in your
.fetchmailrc file. Have you done this?

   When I tried to get the fingerprint source
   openssl s_client -connect -showcerts
   675508300:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
   no peer certificate available
   No client certificate CA names sent
   SSL handshake has read 7 bytes and written 307 bytes
   New, (NONE), Cipher is (NONE)
   Secure Renegotiation IS NOT supported
   Compression: NONE
   Expansion: NONE
   I thought qpopper would have launched TLS when s_client connected. At a
   lost of what to do next.
   Here is my qpopper.conf
   set server-mode = true
   set statistics = true
   set shy = true
   set fast-update = true
   set reverse-lookup = false
   set log-facility = mail
   set tls-support = stls
   set clear-text-password = tls
   set tls-server-cert-file = /usr/local/etc/qpopper/fme-cert.pem
   set tls-private-key-file = /usr/local/etc/qpopper/fme-key.pem



Want to link to this message? Use this URL: <>