Hello,

On a CentOS 4.4 server I have generated a self-signed certificate following exactly the procedure at http://wanderingbarque.com/howtos/mailserver/mailserver.html

That certificate works perfectly with Apache. Thanks to it I can now access my web pages on that server in https mode. But the same certificate is useless with fetchmail, when I try to download email via secure IMAP.

1) I have copied the certificates to my home SUSE 10.1 box and done this (from http://souptonuts.sourceforge.net/postfix_tutorial.html)

    # cp *pem /usr/share/ssl/my_certs
    # cd /usr/share/ssl/my_certs
    # openssl x509 -in myserverCert.pem -fingerprint -subject -issuer -serial -hash -noout
    SHA1 Fingerprint=the whole fingerprint here
    subject= /C=IT/ST=Italy/L=Rome/O=my company/OU=My Server/CN=myserver.net/[EMAIL PROTECTED]
    issuer= /C=IT/ST=Italy/L=Rome/O=my company/OU=My Server/CN=myserver.net/[EMAIL PROTECTED]
    serial=01
    e2b344d2
    # c_rehash .
    Doing .
    myserverCert.pem => e2b344d2.0
    WARNING: myserverPrivateKey.pem does not contain a certificate or CRL: skipping

2) I run fetchmail with this rc file:

    set logfile "/$HOME/.log_fetchmail"
    set postmaster "me"
    set nobouncemail
    set properties ""
    #set daemon 60
    set no syslog
    poll myserver.net with proto imap
        user remoteuser there with pass "thepassword" is me here
        sslcertck
        sslcertpath /usr/share/ssl/my_certs
        sslfingerprint "thefingerprint"

3) the result when I launch fetchmail is:

    fetchmail: 6.3.2 querying myserver.net (protocol IMAP) at Sat 30 Dec 2006 03:03:11 PM CET: poll started
    fetchmail: IMAP< * OK Dovecot ready.
    fetchmail: IMAP> A0001 CAPABILITY
    fetchmail: IMAP< * CAPABILITY IMAP4rev1 SASL-IR SORT THREAD=REFERENCES MULTIAPPEND UNSELECT LITERAL+ IDLE CHILDREN NAMESPACE LOGIN-REFERRALS STARTTLS AUTH=PLAIN AUTH=DIGEST-MD5
    fetchmail: IMAP< A0001 OK Capability completed.
    fetchmail: Protocol identified as IMAP4 rev 1
    fetchmail: IMAP> A0002 STARTTLS
    fetchmail: IMAP< A0002 OK Begin TLS negotiation now.
    fetchmail: Issuer Organization: my company
    fetchmail: Issuer CommonName: myserver.net
    fetchmail: Server CommonName: myserver.net
    fetchmail: myserver.net key fingerprint: thefingerprint here
    fetchmail: myserver.net fingerprints match.
    fetchmail: Server certificate verification error: unable to get local issuer certificate
    23880:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:s3_clnt.c:894:
    fetchmail: Repoll immediately on remoteuser
    fetchmail: IMAP< * OK Dovecot ready.
    fetchmail: IMAP> A0001 CAPABILITY
    fetchmail: IMAP< * CAPABILITY IMAP4rev1 SASL-IR SORT THREAD=REFERENCES MULTIAPPEND UNSELECT LITERAL+ IDLE CHILDREN NAMESPACE LOGIN-REFERRALS STARTTLS AUTH=PLAIN AUTH=DIGEST-MD5

then fetchmail switches to unsecure IMAP and email is downloaded correctly.

I am really at a loss to figure out what else I should have done. What is happening? What am I doing wrong?

TIA,
M.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]