Update: The original problem came from pointing at the wrong certificate files in dovecot.conf. Fixed that, something else blocked me. The remote server is running centos 4.3, the home desktop running suse 10.1. I have generated a new SSL certificate on the server, copied it on the desktop and run on the desktop:
openssl x509 -in mynewcertCert.pem -fingerprint -subject -issuer -serial -hash -noout c_rehash .
getting this warning:
Doing . WARNING: mynewcertPrivateKey.pem does not contain a certificate or CRL: skipping mynewcertCert.pem => 2764d17c.0
Now I have noted two things: 1) the fingerprint generated from the openssl command above is different when I run it on centos or on suse 10.1. Why? 2) if I run fetchmail here with these options: I get: fetchmail: 6.3.2 querying my.remote.server (protocol POP3) at Tue 13 Jun 2006 07:22:34 PM CEST: poll started fetchmail: Issuer Organization: The M Zone fetchmail: Issuer CommonName: my.remote.server fetchmail: Server CommonName: my.remote.server fetchmail: my.remote.server key fingerprint: the one obtained running openssl on the server fetchmail: my.remote.server fingerprints match. fetchmail: Server certificate verification error: unable to get local issuer certificate 26227:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:s3_clnt.c:894: fetchmail: SSL connection failed. fetchmail: socket error while fetching from m-mail@fm.vm.bytemark.co.uk What is the "local issuer" problem? What am I missing? Is it a consequence of problem 1) ? What is happening, and what must I do to use this certificate? TIA, Marco -- Marco Fioretti mfioretti, at the server mclink.it Fedora Core 3 for low memory http://www.rule-project.org/ I don't even have an email address. I have reached an age where my main purpose is not to receive messages. -- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com