Date: Sun, 4 Jul 2010 00:33:21 -0500 From: Dan Nelson <dnelson@allantgroup.com> To: Marco Beishuizen <mbeis@xs4all.nl> Cc: freebsd-questions@freebsd.org Subject: Re: fetchmail certificate verification messages Message-ID: <20100704053321.GG50409@dan.emsphone.com> In-Reply-To: <alpine.BSF.2.00.1007032332560.2877@yokozuna.lan> References: <alpine.BSF.2.00.1007032332560.2877@yokozuna.lan>
next in thread | previous in thread | raw e-mail | index | archive | help
In the last episode (Jul 03), Marco Beishuizen said: > I'm seeing in my logfiles a lot of messages like these from fetchmail: > > Jul 3 22:02:54 yokozuna fetchmail[1437]: Server certificate verification > error: self signed certificate in certificate chain > Jul 3 22:02:54 yokozuna fetchmail[1437]: This means that the root signing > certificate (issued for /C=SE/O=AddTrust AB/OU=AddTrust External TTP > Network/CN=AddTrust External CA Root) is not in the trusted CA certificate > locations, or that c_rehash needs to be run on the certificate directory. > For details, please see the documentation of sslcertpath and > sslcertfile in the manual page. > > Does anyone know what these messages mean and if they are harmless or not? Probably harmless, unless someone has forged a certificate chain using a fake "AddTrust External CA Root" cert at the top. Installing the security/ca_root_nss port (make sure you enable the ETCSYMLINK option) will probably silence it. -- Dan Nelson dnelson@allantgroup.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20100704053321.GG50409>