Date: Tue, 11 Nov 2008 08:28:52 -0600 From: David Kelly <dkelly@hiwaay.net> To: Jeremy Chadwick <koitsu@freebsd.org> Cc: Polytropon <freebsd@edvax.de>, FreeBSD Questions <freebsd-questions@freebsd.org> Subject: Re: Strange messages by fetchmail: Server certificate verification error Message-ID: <20081111142852.GA56495@Grumpy.DynDNS.org> In-Reply-To: <20081111065241.GA90011@icarus.home.lan> References: <20081111071831.9c9d56f2.freebsd@edvax.de> <20081111065241.GA90011@icarus.home.lan>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Nov 10, 2008 at 10:52:41PM -0800, Jeremy Chadwick wrote: > On Tue, Nov 11, 2008 at 07:18:31AM +0100, Polytropon wrote: > > Secondly, this is a very, very common question on the fetchmail-users > public mailing list (not at freebsd.org). Google returns hundreds of > results for "unable to get local issuer" fetchmail. Perhaps now but it wasn't as common a couple of weeks ago when it bit me. > These messages mean that the POP3+SSL or IMAP+SSL server's SSL certs > cannot be verified by fetchmail. What you see are warnings, not > errors, which is why fetching mail works regardless. It's recommended > you fix the warnings. Yes, they were warnings that TLS failed and that it fell back to unencrypted plain password. :-( Run "fetchmail -v" and see precisely what the failure was and the solution. > fetchmail-6.3.8_7, and a couple earlier versions (I would have to check > to see when it was added), include security/ca_root_nss as a dependency. I already had that but still had the problem. > That port includes a list of common public CAs which certificates (on > the server) can be verified against. Running "fetchmail -v" I saw that I needed "Equifax Secure Global eBusiness CA-1" which was apparently lacking from ca_root_nss. Downloaded from Equifax (Safari on MacOS was happy with their cert) and added them myself to /usr/local/certs. Some instructions said one must run some sort of indexing utility against the certs. I found the utility somewhere practically hidden and tried it. Generated files unlike anything I had previously. Deleted extra and everything works anyway. -- David Kelly N4HHE, dkelly@HiWAAY.net ======================================================================== Whom computers would destroy, they must first drive mad.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20081111142852.GA56495>