On Sat, Dec 30, 2006, M. Fioretti wrote: > Hello, > > On a Centos 4.4 server I have generated a self signed certificate > following exactly the procedure at > http://wanderingbarque.com/howtos/mailserver/mailserver.html > > That certificate works perfectly with Apache. Thanks to it I can now > access my web pages on that server in https mode. But the same > certificate is useless with fetchmail, when I try to download email > via secure IMAP. > > 1) I have copied the certificates in my home suse 10.1 box and done > this (from http://souptonuts.sourceforge.net/postfix_tutorial.html) > > # cp *pem /usr/share/ssl/my_certs > # cd /usr/share/ssl/my_certs > # openssl x509 -in myserverCert.pem -fingerprint -subject -issuer -serial > -hash -noout > > SHA1 Fingerprint=the whole fingerprint here > subject= /C=IT/ST=Italy/L=Rome/O=my company/OU=My > Server/CN=myserver.net/[EMAIL PROTECTED] > issuer= /C=IT/ST=Italy/L=Rome/O=my company/OU=My > Server/CN=myserver.net/[EMAIL PROTECTED] > serial=01 > e2b344d2 > # c_rehash . > Doing . > myserverCert.pem => e2b344d2.0 > WARNING: myserverPrivateKey.pem does not contain a certificate or CRL: > skipping > > > 2) I run fetchmail with this rc file: > > set logfile "/$HOME/.log_fetchmail" > set postmaster "me" > set nobouncemail > set properties "" > #set daemon 60 > set no syslog > > poll myserver.net with proto imap > user remoteuser there with pass "thepassword" is me here sslcertck > sslcertpath /usr/share/ssl/my_certs sslfingerprint "thefingerprint" >
Does the my_certs directory contain the above server certificate and have you done c_rehash on it? Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
