Re: [Fetchmail-users] cert probelm

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

> fetchmail: Missing trust anchor certificate: /C=US/O=DigiCert
> Inc/OU=www.digicert.com/CN=DigiCert Global Root CA
> fetchmail: This could mean that the root CA's signing certificate is not in
> the trusted CA certificate location, or that
> c_rehash needs to be run on the certificate directory. For details, please
> see the documentation of --sslcertpath
> and --sslcertfile in the manual page. See README.SSL for details.

> Please define the certificate directory. I do have that cert if the
> spaces are replaced by underscores. And c_rehash has been run, several
> times with the -v option, looks legit but me not an expert.

> Where is the bad or missing cert, here, or at my ISP's dovecot server?

openssl s_client -connect imap.shentel.net:imaps -showcerts < /dev/null
openssl x509 -text -fingerprint -sha1 < each_cert_block

Check that your system's cacert / ca_bundle / nss file is up to date,
/etc/ssl or elsewhere.

Server is supplying two certs from other parties,
ca intermediate and ca root,
when they should supply only local intermediates,
which those two aren't.

Check validity chain of fingerprints, expirations,
and add to cacert file, c_rehash dir,
or whatever other local method is in use, as needed.

Authority certs are in urls output in -text above.

Re: [Fetchmail-users] cert probelm

Client daemon to move mail from POP and IMAP to your local computer

Re: [Fetchmail-users] cert probelm