Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 23 Jul 2012 17:27:04 +0100
From:      Anton Shterenlikht <>
Subject:   fetchmail ssl error
Message-ID:  <>

Next in thread | Raw E-Mail | Index | Archive | Help
I probably misunderstand how SSL certificates work.

$ cat .fetchmailrc 
poll protocol imap user "mexas" password "xxxxxxx" sslcertck sslcertfile /home/mexas/cert/uob-net-ca.crt fetchall

$ fetchmail
fetchmail: Server certificate verification error: self signed certificate in certificate chain
fetchmail: This means that the root signing certificate (issued for /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root) is not in the trusted CA certificate locations, or that c_rehash needs to be run on the certificate directory. For details, please see the documentation of --sslcertpath and --sslcertfile in the manual page.
98631:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:984:
fetchmail: upgrade to TLS failed.
fetchmail: Unknown login or authentication error on
fetchmail: socket error while fetching from
fetchmail: Query status=2 (SOCKET)

The /home/mexas/cert/uob-net-ca.crt file is supposed
to be the univerisity certificate:

*several lines*

$ openssl verify uob-net-ca.crt 
uob-net-ca.crt: /O=University of Bristol/OU=IT Services (Networks)/ of Bristol Net CA
error 18 at 0 depth lookup:self signed certificate

I read in the fetchmail manual
something about c_rehash script,
but I can only find one in 

The fetchmail also mentions that:

 Additionally, you might need to convert the
certificates to different formats (the PEM format is expected and usually is
available, DER is another one; you can convert between both using the
openssl(1) utility's x509 sub-mode).
*end quote*

So, I'm not sure if I need to convert my
certificate to PEM format or not?

Please advise

Many thanks

Anton Shterenlikht
Room 2.6, Queen's Building
Mech Eng Dept
Bristol University
University Walk, Bristol BS8 1TR, UK
Tel: +44 (0)117 331 5944
Fax: +44 (0)117 929 4423

Want to link to this message? Use this URL: <>