I am using KDE 3.5 and Kmail on my 9.3 Suse. Everyday I get following information when sending my first email of the day. The server certificate failed the authenticity test (smtp.telkom.net). After entering "continue" I get following question. Would you like to accept this certificate forever without being prompted? After entering my choice of accepting "forever" I am ready for sending my email. This happens for two of my isp's. Next day I have to go through the same practice so I wonder what "forever" means in this respect and how I can get rid of this server certificate question.
Sat, 01 Apr 2006, by cbroueriusvannidek@gmail.com:
I am using KDE 3.5 and Kmail on my 9.3 Suse. Everyday I get following information when sending my first email of the day.
The server certificate failed the authenticity test (smtp.telkom.net).
After entering "continue" I get following question.
Would you like to accept this certificate forever without being prompted?
After entering my choice of accepting "forever" I am ready for sending my email.
This happens for two of my isp's. Next day I have to go through the same practice so I wonder what "forever" means in this respect and how I can get rid of this server certificate question.
It probably means these isps use self-signed certs, and your client doesn't recognize the CA (Certificate Authority). Either ask these isps to start using certs which are signed by a known CA, or import the server certificate from these isps and let the client s/w know where to find it. In Kmail: Tools -> Certificate manager This start Kleopatra (in 9.2 anyway): File -> Import Certificates. (Not tested, I don't use kmail myself). Theo -- Theo v. Werkhoven Registered Linux user# 99872 http://counter.li.org ICBM 52 13 26N , 4 29 47E. + ICQ: 277217131 SUSE 9.2 + Jabber: muadib@jabber.xs4all.nl Kernel 2.6.8 + See headers for PGP/GPG info. Claimer: any email I receive will become my property. Disclaimers do not apply.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Sunday 2006-04-02 at 11:27 +0200, Theo v. Werkhoven wrote:
It probably means these isps use self-signed certs, and your client doesn't recognize the CA (Certificate Authority). Either ask these isps to start using certs which are signed by a known CA, or import the server certificate from these isps and let the client s/w know where to find it.
By the way... gmail uses a certificate, but that fact is not mentioned in their docs, I think. Fetchmail complains: Apr 3 02:00:46 nimrodel fetchmail[2288]: 6.3.2 querying pop.gmail.com (protocol POP3) at Mon Apr 3 02:00:46 2006: poll started Apr 3 02:00:46 nimrodel fetchmail[2288]: Issuer Organization: Equifax Apr 3 02:00:46 nimrodel fetchmail[2288]: Unknown Issuer CommonName Apr 3 02:00:46 nimrodel fetchmail[2288]: Server CommonName: pop.gmail.com Apr 3 02:00:46 nimrodel fetchmail[2288]: pop.gmail.com key fingerprint: 59:51:61:89:CD:DD:B2:35:94:BB:44:97:A0:39:D5:B4 Apr 3 02:00:46 nimrodel spamd[11613]: prefork: child states: II Apr 3 02:00:46 nimrodel fetchmail[2288]: POP3< +OK Gpop ready l38pf1663078nfc How could I get that certificate and tell fetchmail about it? - -- Cheers, Carlos Robinson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFEMGnztTMYHG2NR9URAr5BAJ4/RsOw6ifHkLJgMxoxhfxbC5wsOgCfRNxP 8nuQb/MC3jEdn9Cazaqht1I= =QhXx -----END PGP SIGNATURE-----
* Carlos E. R.
By the way... gmail uses a certificate, but that fact is not mentioned in their docs, I think. Fetchmail complains:
Apr 3 02:00:46 nimrodel fetchmail[2288]: 6.3.2 querying pop.gmail.com (protocol POP3) at Mon Apr 3 02:00:46 2006: poll started Apr 3 02:00:46 nimrodel fetchmail[2288]: Issuer Organization: Equifax Apr 3 02:00:46 nimrodel fetchmail[2288]: Unknown Issuer CommonName Apr 3 02:00:46 nimrodel fetchmail[2288]: Server CommonName: pop.gmail.com Apr 3 02:00:46 nimrodel fetchmail[2288]: pop.gmail.com key fingerprint: 59:51:61:89:CD:DD:B2:35:94:BB:44:97:A0:39:D5:B4 Apr 3 02:00:46 nimrodel spamd[11613]: prefork: child states: II Apr 3 02:00:46 nimrodel fetchmail[2288]: POP3< +OK Gpop ready l38pf1663078nfc
How could I get that certificate and tell fetchmail about it?
I believe adding 'ssl' to the *user* line will suffice. -- Patrick Shanahan Registered Linux User #207535 http://wahoo.no-ip.org @ http://counter.li.org HOG # US1244711 Photo Album: http://wahoo.no-ip.org/gallery2
* Patrick Shanahan
* Carlos E. R.
[04-02-06 20:19]: By the way... gmail uses a certificate, but that fact is not mentioned in their docs, I think. Fetchmail complains:
Apr 3 02:00:46 nimrodel fetchmail[2288]: 6.3.2 querying pop.gmail.com (protocol POP3) at Mon Apr 3 02:00:46 2006: poll started Apr 3 02:00:46 nimrodel fetchmail[2288]: Issuer Organization: Equifax Apr 3 02:00:46 nimrodel fetchmail[2288]: Unknown Issuer CommonName Apr 3 02:00:46 nimrodel fetchmail[2288]: Server CommonName: pop.gmail.com Apr 3 02:00:46 nimrodel fetchmail[2288]: pop.gmail.com key fingerprint: 59:51:61:89:CD:DD:B2:35:94:BB:44:97:A0:39:D5:B4 Apr 3 02:00:46 nimrodel spamd[11613]: prefork: child states: II Apr 3 02:00:46 nimrodel fetchmail[2288]: POP3< +OK Gpop ready l38pf1663078nfc
How could I get that certificate and tell fetchmail about it?
I believe adding 'ssl' to the *user* line will suffice.
Humm, that's in ~/.fetchmailrc -- Patrick Shanahan Registered Linux User #207535 http://wahoo.no-ip.org @ http://counter.li.org HOG # US1244711 Photo Album: http://wahoo.no-ip.org/gallery2
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Sunday 2006-04-02 at 20:38 -0400, Patrick Shanahan wrote:
How could I get that certificate and tell fetchmail about it?
I believe adding 'ssl' to the *user* line will suffice.
Humm, that's in ~/.fetchmailrc
No, it is already there. Mind, I get the email, only that I also get the warning. There must be a way to tell fetchmail about the certificate, and store it somewhere. Also, get it somehow. Mmm, time to rtfm again, I guess... - -- Cheers, Carlos Robinson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFEMHGntTMYHG2NR9URArK3AKCECxtFg8eGCeG+pTsr/PdApYg7sgCfXdnT z7K25tvFkgmUhStHLgOgZUk= =er5V -----END PGP SIGNATURE-----
participants (4)
-
C. Brouerius van Nidek
-
Carlos E. R.
-
Patrick Shanahan
-
Theo v. Werkhoven