FreeBSD Mail Archives

Date:      Sun, 10 May 2015 23:10:10 -0400
From:      Jon Radel <jon@radel.com>
To:        freebsd-questions@freebsd.org
Cc:        Ernie Luzar <luzar722@gmail.com>
Subject:   Re: Certificate error
Message-ID:  <55501D92.2020102@radel.com>
In-Reply-To: <554FC878.7070401@gmail.com>
References:  <554FC878.7070401@gmail.com>


[-- Attachment #1 --]
On 5/10/15 5:07 PM, Ernie Luzar wrote:
> Hello list;
> Been trying to setup qpopper to use TLS.
> I am stuck at getting a self signed certificate to work.
> Running fetchmail on the host to get a good log of what is really 
> happening
> as shown below. After that list is the script I use to build the 
> certificates.
> Maybe some one can seen what I am doing wrong in the build cert script
> based on the errors shown in the fetchmail list..
> Thanks
A self-signed certificate and a certificate signed by your own CA aren't 
even remotely the same thing; I'm confused as to what you're trying to 
actually do.  The list of openssl commands you give shouldn't result in 
a self-signed certificate.  See section 4 of 
http://www.openssl.org/docs/HOWTO/certificates.txt for the incantation 
for a self-signed certificate.

>
>
> fetchmail: Server certificate verification error: self signed certificate
> fetchmail: Missing trust anchor certificate:
>
>
As a result, I'm kind of confused as to why fetchmail is complaining 
about a missing trust anchor for a self-signed certificate.  But that 
does lead to the question:  Did you install the CA certificate, CA.cert, 
where fetchmail will use it for verifying certificates? You should also 
realize that if you want to use your own CA, you're much better off not 
creating a new one willy-nilly, as you need to install the CA cert for 
every client which you want to actually verify the certificates signed 
by that CA.  See 
http://lists.ccil.org/pipermail/fetchmail-friends/2006-April/010051.html 
for more.

--Jon Radel
jon@radel.com


[-- Attachment #2 --]
0�	*�H��
��0�10	+0�	*�H��
��
�0��0����#��S��anzTgk!0
	*�H��
0o10	USE10U
AddTrust AB1&0$UAddTrust External TTP Network1"0 UAddTrust External CA Root0
141222000000Z
200530104838Z0��10	UGB10UGreater Manchester10USalford10U
COMODO CA Limited1A0?U8COMODO SHA-256 Client Authentication and Secure Email CA0�"0
	*�H��
�0�
���
�zSNpR�V�&��I���Q���ZI���`�zQB�y��"�aN��v#
�J�	�n�=ٺ�����.CRC|�2PȦOZ��ϓ%�{��0d��V��*$3��D�i��FK�3��@�����@���:�*S��= a<U��Nv%!)��|qvO��_���T���{5R���"=,0-1Y�R7�3i-C��֥�wgQ���'뼥8v���8�ߌ��I���s�:2���:=F:WtaP��@?��⟢!��0�0U#0����z4�&���&T���$�T0U�ak�ᢠ�O�g�£�����0U��0U�0�0U%0++0U 
00U 0DU=0;09�7�5�3http://crl.usertrust.com/AddTrustExternalCARoot.crl05+)0'0%+0�http://ocsp.usertrust.com0
	*�H��
�*n�U�:������U�ka+�	#��fjo����w^a�}�������[jr
A���X�&���M������X�"c�R��6�}X�ޫ;c���s����{���B#�ʶ�M>�K��-�ػBK�i�ۦ74�{����:ǟO�4n�e�������6����d)5�ֱ�q�C��>��2S�v�ʆ4�,��Jؙ
��␒�ZBj#!�e��ջ~ꌅ b��:,Yř3�8���zy�J&�|���0��0��sT�<}k��
`i
��0
	*�H��
0��10	UGB10UGreater Manchester10USalford10U
COMODO CA Limited1A0?U8COMODO SHA-256 Client Authentication and Secure Email CA0
150330000000Z
180329235959Z0��10	UUS10U2215010	UVA10USpringfield10U	6917 Ridgeway Dr.10U
Jon T. Radel1200U)Issued through Jon T. Radel E-PKI Manager10UCorporate Secure Email10U	Jon Radel10	*�H��
	
jon@radel.com0�"0
	*�H��
�0�
���a�Щ������@@g3eGރ�͛�;	�d�#��>�q7&Hf�
:��3�v�L"��jV#�Xݷ�>U��-�H[$�S�Uڻ�{�Ϝ�,���z¶���I���chO��=rcy��r����n�v.V��h�7��k;���%u�e�Y��uӬ��󯅅���n�z����6!| !�A�ȡ�+�,�����u�+ 
�CA�պF-��u�n�#�vj���UJ��W�nk%�j]�
2�JP�kl�����0��0U#0��ak�ᢠ�O�g�£�����0U���E�|G�Dp��/�ʚB�0U��0U�00U%0++0FU ?0=0;+�10+0)+https://secure.comodo.net/CPS0]UV0T0R�P�N�Lhttp://crl.comodoca.com/COMODOSHA256ClientAuthenticationandSecureEmailCA.crl0��+��0��0X+0�Lhttp://crt.comodoca.com/COMODOSHA256ClientAuthenticationandSecureEmailCA.crt0$+0�http://ocsp.comodoca.com0U0�
jon@radel.com0
	*�H��
�KS��`?���H���_D`�8G߿VbĘ��<��t�B-Ӈї|��{'��Ũ�ݹg0Gp�$��������������%F(;*��M��O*g����t�$@�����t6���,�?0���|�#�ă�z�,�&!{j�2i��[%�b�7ߪ�P+�9G�㲍["y<?���8rZ'��[U���R6%����L̤
��w"�=:L����~�Ƨ^��jf���3�6� ��OP��1�.}(��e�1�10�-0��0��10	UGB10UGreater Manchester10USalford10U
COMODO CA Limited1A0?U8COMODO SHA-256 Client Authentication and Secure Email CAsT�<}k��
`i
��0	+��U0	*�H��
	1	*�H��
0	*�H��
	1
150511031010Z0#	*�H��
	1/
��@y������e0l	*�H��
	1_0]0	`�He*0	`�He0
*�H��
0*�H��
�0
*�H��
@0+0
*�H��
(0��	+�71��0��0��10	UGB10UGreater Manchester10USalford10U
COMODO CA Limited1A0?U8COMODO SHA-256 Client Authentication and Secure Email CAsT�<}k��
`i
��0��*�H��
	1�����0��10	UGB10UGreater Manchester10USalford10U
COMODO CA Limited1A0?U8COMODO SHA-256 Client Authentication and Secure Email CAsT�<}k��
`i
��0
	*�H��
����)��d�h��1kt.̾W��澪���1����rR������{�ض�����l<��{1*�����4J	�LY�w�K�y*��L��7��rc�<�޹��ɖ����:)�U��9N�@�U�Fω���1]��
�H��4Q�&l�BX���U7��D���aH�9P�h"�2�hғ��	��G�O�R�o�J������2���� ��UH�Q���ivN8dȷ&7��G�����|�M��a

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?55501D92.2020102>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation