From: Matthias A. <mat...@gm...> - 2006-07-01 20:58:11

Paul Elliott <pel...@io...> writes:

> I am not an expert on ssl so this does not really answer my
> question.

You need the root certificate that this...

> I got one certificate from the imap server at mail.io.com
> by doing the following:
>
> openssl s_client -connect mail.io.com:993 -showcerts

...certificate was signed with.

(few minutes later)

The necessary root certificate can be downloaded here:
<http://www.geotrust.com/resources/root_certificates/index.asp>

Under Root 4, download "Download - Equifax Secure eBusiness CA-1 (Base-64 encoded X.509)" and save it to a file. Then rename the downloaded *.cer file so it has a .pem ending (it's in PEM format, but it needs a .pem suffix for c_rehash to recognize it) and move it into your .ssl/certs, then run c_rehash ~/.ssl/certs.

You already have "sslcertpath /home/pelliott/.ssl/certs", so that part is covered.

After the installation of that certificate, you can remove the sslfingerprint option.

> and the io.pem was supposed to be signed by equifax so I should
> have the certificate for equifax that signed io.pem.

Yet you don't. Equifax issued more than one certificate.

> My .fetchmailrc looks like (with password XXXXed):
>
> # Configuration created Mon Jun 19 10:26:45 2006 by fetchmailconf 1.52 $Revision: 4636 $
> set postmaster "pelliott"
> set bouncemail
> set no spambounce
> set properties ""
> poll mail.io.com with proto IMAP
> user 'pelliott' there with password 'XXXXXXX' is 'pelliott' here sslcertpath /home/pelliott/.ssl/certs sslfingerprint "5D:1F:EF:5B:2C:C6:72:07:D4:18:D1:D3:15:8F:4F:1B"
> #sslcertck
>
> I am still getting the error message.

Which means your fetchmail version is older than 6.3.4. Please update.

> My question was does "local issuer certificate" refer to?

The root certificate.

> The certificate I got from the imap server at mail.io.com or does it
> refer to a self signed certificate describing my fetchmail client?

Neither.

> How do I create/get one in any case?

See above.

> The fetchmail documentation describes the --sslcert and --sslkey
> parameters and how they should point to certifications and keys.

No.

> But this stuff is going to be used by a lot of ignorant people
> like me, it does not tell how to get and/or create such keys.
> I can't seem to figure it out.

Your ISP should have provided the necessary instructions. Please ask them to provide instructions and the necessary root certificate.

-- 
Matthias Andree
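
What the rename and c_rehash steps in the reply above accomplish, as an added example that is not part of the original message: a certificate directory is searched by subject-hash file name, so a root that is present but not linked still yields "unable to get local issuer certificate". The CA and server certificate are constructed stand-ins, and `make_demo_certs`, `rehash_dir` and `chain_ok` are hypothetical helper names; `rehash_dir` imitates c_rehash's linking for *.pem files only, as the message describes.

```shell
#!/bin/sh
# Constructed demo: a throwaway CA and server certificate stand in for the
# Equifax root and the mail server certificate. Nothing touches the network.

# Create the constructed root (saved as .cer, like the download) and a leaf it signs.
make_demo_certs() {
    dir=$1
    mkdir -p "$dir/certs" &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Demo Root" \
        -keyout "$dir/ca.key" -out "$dir/root.cer" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=mail.example.test" \
        -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/root.cer" \
        -CAkey "$dir/ca.key" -set_serial 1 -days 1 \
        -out "$dir/leaf.pem" 2>/dev/null
}

# Imitation of c_rehash for *.pem files: drop stale links, then link each
# certificate as <subject-hash>.<n>, the name OpenSSL looks up in a CApath.
rehash_dir() {
    for old in "$1"/*.[0-9]; do
        if [ -L "$old" ]; then rm "$old"; fi
    done
    for f in "$1"/*.pem; do
        [ -f "$f" ] || continue
        h=$(openssl x509 -noout -subject_hash -in "$f") || return 1
        n=0
        while [ -e "$1/$h.$n" ]; do n=$((n + 1)); done
        ln -s "$(basename "$f")" "$1/$h.$n"
    done
}

# Succeeds only if the leaf chains to a root found through the directory.
# The output is matched because older openssl releases exit 0 on failure.
chain_ok() {
    openssl verify -CApath "$1" "$2" 2>&1 | grep -q ': OK'
}
```

With the root copied in under its .cer name, `rehash_dir` creates no link and `chain_ok` fails; after renaming it to .pem and rehashing, the same check succeeds.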