Date:      Sun, 10 May 2015 17:07:04 -0400
From:      Ernie Luzar <>
To:        FreeBSD Questions <>
Subject:   Certificate error
Message-ID:  <>

Hello list;
Been trying to set up qpopper to use TLS.
I am stuck at getting a self-signed certificate to work.
Running fetchmail on the host to get a good log of what is really happening
as shown below. After that list is the script I use to build the 
Maybe someone can see what I am doing wrong in the build cert script
based on the errors shown in the fetchmail list.

Script started on Sun May 10 16:30:25 2015
/root >fetchmail -vv
fetchmail: WARNING: Running as root is discouraged.
Old UID list from <empty>
Scratch list of UIDs: <empty>
fetchmail: 6.3.26 querying (protocol POP3) at Sun May 10 16:30:37 2015: poll started
Trying to connect to
fetchmail: POP3< +OK ready  <1301.1431289837@localhost>
fetchmail: POP3> CAPA
fetchmail: POP3< +OK Capability list follows
fetchmail: POP3< TOP
fetchmail: POP3< USER
fetchmail: POP3< LOGIN-DELAY 0
fetchmail: POP3< EXPIRE NEVER
fetchmail: POP3< UIDL
fetchmail: POP3< RESP-CODES
fetchmail: POP3< AUTH-RESP-CODE
fetchmail: POP3< X-MANGLE
fetchmail: POP3< X-MACRO
fetchmail: POP3< X-LOCALTIME Sun, 10 May 2015 16:30:37 -0400
fetchmail: POP3< STLS
fetchmail: POP3< .
fetchmail: POP3> STLS
fetchmail: POP3< +OK STLS
fetchmail: Server certificate:
fetchmail: Issuer Organization: Powerman
fetchmail: Issuer CommonName:
fetchmail: Subject CommonName:
fetchmail: key fingerprint: 

fetchmail: Server certificate verification error: self signed certificate
fetchmail: Missing trust anchor certificate:

#! /bin/sh
# Let's get to the correct location; stop if it is missing so the
# rm below never runs in some other directory
cd /usr/local/etc/qpopper || exit 1

# Let's delete existing stuff to re-create clean
rm -v CA.key CA.crt pop3.key.pem pop3.cert.csr pop3.cert.pem

echo "Creating a private CA key"
openssl genrsa -des3 -out CA.key 2048

echo "Creating a private CA certificate"
openssl req -new -x509 -days 3650 -key CA.key -out CA.crt

echo "Creating a private ssl/tls pop3 key"
openssl genrsa -out pop3.key.pem 2048

echo "Creating a private certificate signing request"
openssl req -new -key pop3.key.pem -out pop3.cert.csr

echo "Sign certificate using own CAsigning request"
# One command: the backslash continues it onto the next line
openssl x509 -req -in pop3.cert.csr -out pop3.cert.pem -sha1 -CA CA.crt \
    -CAkey CA.key -CAcreateserial -days 3650
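
An added example, not part of the original message: the build steps of the script above run non-interactively in a throwaway directory, followed by openssl verify checks showing that the server certificate validates only when CA.crt is supplied as the trust anchor, and that its issuer and subject differ. The subject names, the req.cnf file and the function names are constructed for illustration, and -sha256 is used where the script has -sha1.

```shell
#!/bin/sh
# Throwaway private CA and server certificate; all names are constructed.
# Keys are left unencrypted only because the directory is deleted afterwards.
build_pki() {   # $1 = empty working directory
    ( cd "$1" || exit 1
      # Minimal config (an assumption of this example): no prompts, CA:TRUE on the CA.
      cat > req.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
      # Same five steps as the script in the message, with -subj instead of
      # prompts and -sha256 instead of -sha1.
      openssl genrsa -out CA.key 2048 &&
      openssl req -config req.cnf -new -x509 -days 1 -key CA.key \
          -subj "/O=Example Org/CN=Example Private CA" -out CA.crt &&
      openssl genrsa -out pop3.key.pem 2048 &&
      openssl req -config req.cnf -new -key pop3.key.pem \
          -subj "/O=Example Org/CN=pop3.example.test" -out pop3.cert.csr &&
      openssl x509 -req -in pop3.cert.csr -out pop3.cert.pem -sha256 \
          -CA CA.crt -CAkey CA.key -CAcreateserial -days 1
    ) >/dev/null 2>&1
}

# Succeeds only when the verifier is handed CA.crt as its trust anchor.
verify_with_anchor() { openssl verify -CAfile "$1/CA.crt" "$1/pop3.cert.pem" >/dev/null 2>&1; }
# Same certificate, no CA.crt: a freshly generated CA is in no default trust store.
verify_without_anchor() { openssl verify "$1/pop3.cert.pem" >/dev/null 2>&1; }

# True when the server certificate's issuer equals its subject.
leaf_is_self_issued() {
    i=$(openssl x509 -in "$1/pop3.cert.pem" -noout -issuer)
    s=$(openssl x509 -in "$1/pop3.cert.pem" -noout -subject)
    [ "${i#issuer=}" = "${s#subject=}" ]
}

work=$(mktemp -d) && build_pki "$work" || exit 1
verify_with_anchor "$work"    && echo "verify with CA.crt: OK"
verify_without_anchor "$work" || echo "verify without CA.crt: fails"
leaf_is_self_issued "$work"   || echo "issuer and subject differ"
rm -rf "$work"
```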
