Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 10 May 2015 17:07:04 -0400
From:      Ernie Luzar <luzar722@gmail.com>
To:        FreeBSD Questions <freebsd-questions@freebsd.org>
Subject:   Certificate error
Message-ID:  <554FC878.7070401@gmail.com>

Next in thread | Raw E-Mail | Index | Archive | Help
Hello list;
Been trying to setup qpopper to use TLS.
I am stuck at getting a self signed certificate to work.
Running fetchmail on the host to get a good log of what is really happening
as shown below. After that list is the script I use to build the 
certificates.
Maybe some one can seen what I am doing wrong in the build cert script
based on the errors shown in the fetchmail list..
Thanks

Script started on Sun May 10 16:30:25 2015
/root >fetchmail -vv
fetchmail: WARNING: Running as root is discouraged.
Old UID list from pop.powerman.com: <empty>
Scratch list of UIDs: <empty>
fetchmail: 6.3.26 querying pop.powerman.com (protocol POP3) at Sun May 
10 16:30:37 2015: poll started
Trying to connect to 10.0.10.2/110...connected.
fetchmail: POP3< +OK ready  <1301.1431289837@localhost>
fetchmail: POP3> CAPA
fetchmail: POP3< +OK Capability list follows
fetchmail: POP3< TOP
fetchmail: POP3< USER
fetchmail: POP3< LOGIN-DELAY 0
fetchmail: POP3< EXPIRE NEVER
fetchmail: POP3< UIDL
fetchmail: POP3< RESP-CODES
fetchmail: POP3< AUTH-RESP-CODE
fetchmail: POP3< X-MANGLE
fetchmail: POP3< X-MACRO
fetchmail: POP3< X-LOCALTIME Sun, 10 May 2015 16:30:37 -0400
fetchmail: POP3< STLS
fetchmail: POP3< .
fetchmail: POP3> STLS
fetchmail: POP3< +OK STLS
fetchmail: Server certificate:
fetchmail: Issuer Organization: Powerman
fetchmail: Issuer CommonName: pop.powerman.com
fetchmail: Subject CommonName: pop.powerman.com
fetchmail: pop.a1poweruser.com key fingerprint: 
51:EC:3E:14:EA:E0:A9:97:1F:9F:D9:30:35:72:44:EA

fetchmail: Server certificate verification error: self signed certificate
fetchmail: Missing trust anchor certificate:



cat qpopper.build.cert
#! /bin/sh
# Lets get to the correct location
cd /usr/local/etc/qpopper

# Lets delete existing stuff to re-create clean
rm -v CA.key CA.crt pop3.key.pem pop3.cert.csr pop3.cert.pem

echo "Creating a private CA key"
openssl genrsa -des3 -out CA.key 2048

echo "Creating a private CA certificate"
openssl req -new -x509 -days 3650 -key CA.key -out CA.crt

echo "Creating a private ssl/tls pop3 key"
openssl genrsa -out pop3.key.pem 2048

echo "Creating a private certificate signing request"
openssl req -new -key pop3.key.pem -out pop3.cert.csr

echo "Sign certificate using own CAsigning request"
openssl x509 -req -in pop3.cert.csr -out pop3.cert.pem -sha1 -CA CA.crt 
-CAkey CA.key -CAcreateserial -days 3650 





Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?554FC878.7070401>