Re: [fetchmail-users] unable to get local issuer certificate

[Matthias A. <mat...@gm...>]

Am 18.10.2011 00:24, schrieb Tim Johnson:
> * Matthias Andree <mat...@gm...> [111017 12:10]:
>>
>> Basically you need to download the Equifax root certificate SEPARATELY
>> with your browser through a trusted https:// connection (_not_ with
>> gnutls-cli, openssl, or similar tools!) and put that into
>> /Users/tim/.certs - and be sure it's named something with .pem suffix.
>> Then re-run c_rehash, and see if that helps.
>  I had created certificates different from the ones on my linux box.
>  I solved this (for gmail) by copying over the .certs directory from
>  my linux box.

Be sure to re-run c_rehash. Your Mac may be using a different OpenSSL
version, and thus a different hash function, than Linux.

>> Note your fetchmail version is outdated and should not be used. Update
>> to 6.3.21 instead.
>  I am mindful of your instructions. With SSL enabled on this
>  fetchmail, it is also complaining about certificates for other mail
>  servers that I use.

Be sure to put the certificates of the root signing certification
authority into said directory, and be sure to run a matching c_rehash
command.  Failing proper hashing, try concatenating the BASE64/.PEM
files to one (these are plain text files with -----BEGIN
CERTIFICATE----- and matching end lines and ASCII stuff in between), and
pass it to --sslcertfile (needs a somewhat recent fetchmail).