[SLE] SSL certs error in fetchmail secure connection
Hello,

I'm running suse 10.1 at home. I have an imap/pop3 account on a remote server, for which I have root access. On the server I have installed Dovecot and generated an SSL certificate which I then copied on my machine. When I try to retrieve email from the server with this fetchmail command:

    poll my.vps.fqdn.name with proto POP3
    user remoteuser there with pass "mypassword" is marco here
    options keep ssl sslfingerprint '7F:41:39:B6:2B:3D:A7:15:7D:14:2E:50:9A:F8:1D:B4:28:4A:77:2E'
    sslcertck sslcertpath /usr/share/ssl/my_personal_certs

I get the error below. The fingerprint is the one I get when running here at home:

    openssl x509 -in certificate.pem -fingerprint -subject -issuer -serial -hash -noout

Searching with google does return several mentions of this same problem, but no solutions. What am I doing wrong, and where is the error, in my home configuration, or on the server?

TIA,
Marco

    marco@polaris:~> fetchmail -vv
    fetchmail: 6.3.2 querying my.vps.fqdn.name (protocol POP3) at Tue 13 Jun 2006 05:22:50 PM CEST: poll started
    fetchmail: Issuer Organization: SomeOrganization
    fetchmail: Issuer CommonName: localhost.localdomain
    fetchmail: Server CommonName: localhost.localdomain
    fetchmail: Server CommonName mismatch: localhost.localdomain != my.vps.fqdn.name
    fetchmail: my.vps.fqdn.name key fingerprint: 20:93:B4:D8:CB:75:AD:72:F6:00:A8:DC:CE:F2:53:6E
    fetchmail: my.vps.fqdn.name fingerprints do not match!
    23942:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:s3_clnt.c:894:
    fetchmail: SSL connection failed.
    fetchmail: socket error while fetching from remoteuser@my.vps.fqdn.name

--
Marco Fioretti mfioretti, at the server mclink.it
Fedora Core 3 for low memory http://www.rule-project.org/

May your future be limited only by your dreams.
Christa McAuliffe

--
Check the headers for your unsubscription address
For additional commands send e-mail to suse-linux-e-help@suse.com
Also check the archives at http://lists.suse.com
Please read the FAQs: suse-linux-e-faq@suse.com

Update: The original problem came from pointing at the wrong certificate files in dovecot.conf. Fixed that, something else blocked me. The remote server is running centos 4.3, the home desktop running suse 10.1. I have generated a new SSL certificate on the server, copied it on the desktop and run on the desktop:

    openssl x509 -in mynewcertCert.pem -fingerprint -subject -issuer -serial -hash -noout
    c_rehash .

getting this warning:

    Doing .
    WARNING: mynewcertPrivateKey.pem does not contain a certificate or CRL: skipping
    mynewcertCert.pem => 2764d17c.0

Now I have noted two things:

1) the fingerprint generated from the openssl command above is different when I run it on centos or on suse 10.1. Why?

2) if I run fetchmail here with these options:

I get:

    fetchmail: 6.3.2 querying my.remote.server (protocol POP3) at Tue 13 Jun 2006 07:22:34 PM CEST: poll started
    fetchmail: Issuer Organization: The M Zone
    fetchmail: Issuer CommonName: my.remote.server
    fetchmail: Server CommonName: my.remote.server
    fetchmail: my.remote.server key fingerprint: the one obtained running openssl on the server
    fetchmail: my.remote.server fingerprints match.
    fetchmail: Server certificate verification error: unable to get local issuer certificate
    26227:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:s3_clnt.c:894:
    fetchmail: SSL connection failed.
    fetchmail: socket error while fetching from m-mail@fm.vm.bytemark.co.uk

What is the "local issuer" problem? What am I missing? Is it a consequence of problem 1) ? What is happening, and what must I do to use this certificate?

TIA,
Marco

--
Marco Fioretti mfioretti, at the server mclink.it
Fedora Core 3 for low memory http://www.rule-project.org/

I don't even have an email address. I have reached an age where my main purpose is not to receive messages.

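Added example, not part of the original posts: the fingerprint configured in the first message has 20 bytes (SHA-1 length) while the one fetchmail 6.3.2 prints has 16 bytes (MD5 length), so the two strings cannot compare equal whichever certificate is served. The Python sketch below derives both fingerprints from one PEM file and classifies a fingerprint by its length; `SAMPLE_PEM` wraps constructed stand-in bytes rather than a real certificate, and the helper names are hypothetical.

```python
import base64
import hashlib

DIGEST_BY_LENGTH = {16: "md5", 20: "sha1", 32: "sha256"}  # bytes -> digest

# Values quoted in the first message above.
CONFIGURED = "7F:41:39:B6:2B:3D:A7:15:7D:14:2E:50:9A:F8:1D:B4:28:4A:77:2E"
REPORTED = "20:93:B4:D8:CB:75:AD:72:F6:00:A8:DC:CE:F2:53:6E"

# Constructed stand-in: PEM armor around arbitrary bytes, not a real certificate.
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(b"constructed stand-in DER bytes " * 6).decode()
              + "-----END CERTIFICATE-----\n")

def pem_to_der(pem_text):
    """Drop the PEM armor lines and decode the base64 body to DER bytes."""
    lines = [ln.strip() for ln in pem_text.splitlines()]
    body = "".join(ln for ln in lines if ln and not ln.startswith("-----"))
    return base64.b64decode(body)

def fingerprint(pem_text, algo):
    """Digest of the DER bytes, formatted like `openssl x509 -fingerprint -<algo>`."""
    digest = hashlib.new(algo, pem_to_der(pem_text)).digest()
    return ":".join(f"{b:02X}" for b in digest)

def digest_of(fp):
    """Name the digest a colon-separated hex fingerprint was made with, by length."""
    raw = bytes.fromhex(fp.strip().replace(":", ""))  # ValueError on non-hex input
    return DIGEST_BY_LENGTH.get(len(raw), "unknown")

def compare(configured, reported):
    """Explain why two fingerprints do or do not match."""
    a, b = digest_of(configured), digest_of(reported)
    if a != b:
        return f"digest mismatch: configured {a}, reported {b}"
    if configured.strip().upper() == reported.strip().upper():
        return "match"
    return f"same digest ({a}), different certificate"

if __name__ == "__main__":
    print(compare(CONFIGURED, REPORTED))
    for algo in ("md5", "sha1"):
        print(algo, fingerprint(SAMPLE_PEM, algo))
```

On a real certificate, passing `-md5` or `-sha1` explicitly to `openssl x509 -fingerprint` on both machines removes any dependence on the local default digest.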