From owner-freebsd-questions@FreeBSD.ORG Mon Jul 23 16:27:11 2012 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E7DF0106566B for ; Mon, 23 Jul 2012 16:27:11 +0000 (UTC) (envelope-from mexas@bristol.ac.uk) Received: from dirg.bris.ac.uk (dirg.bris.ac.uk [137.222.10.102]) by mx1.freebsd.org (Postfix) with ESMTP id A0B188FC0A for ; Mon, 23 Jul 2012 16:27:11 +0000 (UTC) Received: from ncsd.bris.ac.uk ([137.222.10.59] helo=ncs.bris.ac.uk) by dirg.bris.ac.uk with esmtp (Exim 4.72) (envelope-from ) id 1StLTM-0006JM-Sk for freebsd-questions@freebsd.org; Mon, 23 Jul 2012 17:27:05 +0100 Received: from mech-cluster241.men.bris.ac.uk ([137.222.187.241]) by ncs.bris.ac.uk with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.72) (envelope-from ) id 1StLTM-0000c3-Mv for freebsd-questions@freebsd.org; Mon, 23 Jul 2012 17:27:04 +0100 Received: from mech-cluster241.men.bris.ac.uk (localhost [127.0.0.1]) by mech-cluster241.men.bris.ac.uk (8.14.5/8.14.5) with ESMTP id q6NGR496098655 for ; Mon, 23 Jul 2012 17:27:04 +0100 (BST) (envelope-from mexas@bristol.ac.uk) Received: (from mexas@localhost) by mech-cluster241.men.bris.ac.uk (8.14.5/8.14.5/Submit) id q6NGR4Eb098654 for freebsd-questions@freebsd.org; Mon, 23 Jul 2012 17:27:04 +0100 (BST) (envelope-from mexas@bristol.ac.uk) X-Authentication-Warning: mech-cluster241.men.bris.ac.uk: mexas set sender to mexas@bristol.ac.uk using -f Date: Mon, 23 Jul 2012 17:27:04 +0100 From: Anton Shterenlikht To: freebsd-questions@freebsd.org Message-ID: <20120723162704.GA98615@mech-cluster241.men.bris.ac.uk> Mail-Followup-To: freebsd-questions@freebsd.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.4.2.3i Subject: fetchmail ssl error X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Jul 2012 16:27:12 -0000 I probably misunderstand how SSL certificates work. $ cat .fetchmailrc poll staff-imap-srv.bris.ac.uk protocol imap user "mexas" password "xxxxxxx" sslcertck sslcertfile /home/mexas/cert/uob-net-ca.crt fetchall $ $ fetchmail fetchmail: Server certificate verification error: self signed certificate in certificate chain fetchmail: This means that the root signing certificate (issued for /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root) is not in the trusted CA certificate locations, or that c_rehash needs to be run on the certificate directory. For details, please see the documentation of --sslcertpath and --sslcertfile in the manual page. 98631:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:984: fetchmail: staff-imap-srv.bris.ac.uk: upgrade to TLS failed. fetchmail: Unknown login or authentication error on mexas@epo.bris.ac.uk fetchmail: socket error while fetching from mexas@staff-imap-srv.bris.ac.uk fetchmail: Query status=2 (SOCKET) $ The /home/mexas/cert/uob-net-ca.crt file is supposed to be the univerisity certificate: -----BEGIN CERTIFICATE----- *several lines* -----END CERTIFICATE----- $ openssl verify uob-net-ca.crt uob-net-ca.crt: /O=University of Bristol/OU=IT Services (Networks)/emailAddress=service-desk@bristol.ac.uk/L=Bristol/ST=Avon/C=GB/CN=University of Bristol Net CA error 18 at 0 depth lookup:self signed certificate OK $ I read in the fetchmail manual something about c_rehash script, but I can only find one in /usr/ports/mail/cone/scripts/c_rehash The fetchmail also mentions that: *quote* Additionally, you might need to convert the certificates to different formats (the PEM format is expected and usually is available, DER is another one; you can convert between both using the openssl(1) utility's x509 sub-mode). *end quote* So, I'm not sure if I need to convert my certificate to PEM format or not? Please advise Many thanks -- Anton Shterenlikht Room 2.6, Queen's Building Mech Eng Dept Bristol University University Walk, Bristol BS8 1TR, UK Tel: +44 (0)117 331 5944 Fax: +44 (0)117 929 4423