Menu
▾
▴
Re: [fetchmail-users] unable to get local issuer certificate
|
From: Matthias A. <mat...@gm...> - 2008-09-12 18:23:43
|
Andy Malato schrieb: > Hello All, > > > I'm currently trying to get fetchmail release 6.3.8+SSL+HESIOD+NLS > working but am running into problems with SSL certificate verification. > > The version of OpenSSL I am using is OpenSSL 0.9.8d on RHEL 4. > > > I have specified the following options in my config file : > > poll mymailhost proto pop3 uidl no dns > user mailuser > sslcertck sslcertpath /usr/share/ssl/certs > > When I invoke fetchmail, I get the following : > > Enter password for mailuser@mymailhost: > fetchmail: 6.3.8 querying mymailhost (protocol POP3) at Fri Sep 12 > 10:59:10 2008: poll started > Trying to connect to 10.0.0.17/995...connected. > fetchmail: Server certificate verification error: unable to get local > issuer certificate > 29071:error:14090086:SSL > routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify > failed:s3_clnt.c:843: ... > If I remove the sslcertck option, things work fine. > > > If I run : > > openssl s_client -connect mymailhost:993 -CApath /usr/share/ssl/certs > > Things appear to be OK, i.e., The SSL Handshake completes ok with Verify > return code of 0. Do you get the same results with "-verify 5" here? Did you run c_rehash /usr/share/ssl/certs after installing any certificates? Is your RHEL fully patched? HTH -- Matthias Andree |
