Re: [Fetchmail-users] Gmail SSL cert problem

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

On Tue, 2017-12-05 at 01:42 -0500, grarpamp wrote:
> Maybe you changed fetchmail config, [auto] updated
> or changed some OS bits or CA bundle, etc we
> don't know why. Maybe G2 / G3 cert lost.
> And google has been changing things too.
> 
> You can get google intermediates here
> https://pki.google.com/
> https://pki.goog/
> https://security.googleblog.com/
> 
> Or from URL's in the server cert
> openssl s_client -connect pop.gmail.com:pop3s < /dev/null
> openssl x509 -text -in <certfile>
> 
> Also consider fetchmail fingerprint / certfiles options
> to avoid some various types of attack.
> 
> Search these things to learn more as needed.
> 
Thank you, I finally got it to working again. I went into my certs on
Firefox and exported these:

GlobalSignCloudSSLCA-SHA256-G3.crt
GlobalSignDomainValidationCA-SHA256-G2.crt
GlobalSignECCRootCA-R4.crt
GlobalSignECCRootCA-R5.crt
GlobalSignExtendedValidationCA-SHA256-G2.crt
GlobalSignOrganizationValidationCA-SHA256-G2.crt
GlobalSignRootCA-R2.crt
GlobalSignRootCA-R3.crt
GoogleInternetAuthorityG2.crt
GoogleInternetAuthorityG3.crt

and ran c_rehash ~/certs/.certs. I doubt all of the above were really
needed to fix the issue and I probably should have done one at a time
until it was fixed.

Chris

-- 
Chris
KeyID 0xE372A7DA98E6705C
31.11972; -97.90167 (Elev. 1092 ft)
11:37:02 up 13 days, 38 min, 1 user, load average: 1.26, 1.24, 1.25
Description:	Ubuntu 16.04.3 LTS, kernel 4.10.0-40-generic

Re: [Fetchmail-users] Gmail SSL cert problem

Client daemon to move mail from POP and IMAP to your local computer

Re: [Fetchmail-users] Gmail SSL cert problem