From: Giorgos Keramidas
To: Marco Beishuizen
Cc: freebsd-questions@freebsd.org
Subject: Re: fetchmail certificate verification messages
Date: Mon, 05 Jul 2010 09:05:17 +0300
Message-ID: <87sk3yv4yq.fsf@kobe.laptop>

On Sat, 3 Jul 2010 23:36:58 +0200 (CEST), Marco Beishuizen wrote:
> Hi,
>
> I'm seeing in my logfiles a lot of messages like these from fetchmail:
>
> Jul 3 22:02:54 yokozuna fetchmail[1437]: Server certificate
> verification error: self signed certificate in certificate chain
> Jul 3 22:02:54 yokozuna fetchmail[1437]: This means that the root
> signing certificate (issued for /C=SE/O=AddTrust AB/OU=AddTrust External
> TTP Network/CN=AddTrust External CA Root) is not in the trusted CA
> certificate locations, or that c_rehash needs to be run on the
> certificate directory. For details, please see the documentation of
> sslcertpath and sslcertfile in the manual page.
>
> Does anyone know what these messages mean and if they are harmless or
> not?

This means that the certificate of CN="AddTrust External CA Root" is
signed by itself. It's a common thing when the administrator of the
respective SSL-enabled host has not bought a certificate from one of the
global CA authorities, but has signed the certificate with itself to
avoid the costs & process associated with maintaining a "normal"
certificate.

If you know that the respective domain is indeed set up this way, the
warning is harmless.
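
The two fetchmail log messages quoted above name the root certificate that was not found in the trusted CA locations. As an added example (not part of the original message), this Python script pairs each verification error with the root DN reported after it and counts reports per root CN; the repeated entry and the cron line in the sample are constructed.

```python
import re
from collections import Counter

# Constructed sample: the two entries quoted in the message (unwrapped to one
# syslog line each), a constructed repeat from a later poll, and an unrelated line.
SAMPLE_LOG = """\
Jul 3 22:02:54 yokozuna fetchmail[1437]: Server certificate verification error: self signed certificate in certificate chain
Jul 3 22:02:54 yokozuna fetchmail[1437]: This means that the root signing certificate (issued for /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root) is not in the trusted CA certificate locations, or that c_rehash needs to be run on the certificate directory. For details, please see the documentation of sslcertpath and sslcertfile in the manual page.
Jul 3 22:05:01 yokozuna cron[1501]: (root) CMD (constructed unrelated entry)
Jul 3 22:07:54 yokozuna fetchmail[1437]: Server certificate verification error: self signed certificate in certificate chain
Jul 3 22:07:54 yokozuna fetchmail[1437]: This means that the root signing certificate (issued for /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root) is not in the trusted CA certificate locations, or that c_rehash needs to be run on the certificate directory.
"""

ENTRY = re.compile(r"^\w{3}\s+\d+\s+[\d:]+\s+(?P<host>\S+)\s+fetchmail\[(?P<pid>\d+)\]:\s+(?P<msg>.*)$")
VERIFY_ERR = re.compile(r"Server certificate verification error:\s*(?P<reason>.+)")
ROOT_DN = re.compile(r"root signing certificate \(issued for (?P<dn>/.+?)\) is not in the trusted CA")

def parse_dn(dn):
    """Split an OpenSSL one-line DN (/C=SE/O=...) into (attribute, value) pairs."""
    parts = re.split(r"/(?=[A-Za-z][A-Za-z0-9.]*=)", dn)
    return [tuple(p.split("=", 1)) for p in parts if p]

def scan(log_text):
    """Pair each verification error with the root DN fetchmail names right after it."""
    pending = {}   # (host, pid) -> reason from the most recent error line
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # not a fetchmail syslog entry
        key = (m["host"], m["pid"])
        err = VERIFY_ERR.search(m["msg"])
        if err:
            pending[key] = err["reason"].strip()
            continue
        root = ROOT_DN.search(m["msg"])
        if root:
            attrs = dict(parse_dn(root["dn"]))
            findings.append({"host": m["host"], "reason": pending.pop(key, "unknown"),
                             "root_dn": root["dn"], "root_cn": attrs.get("CN")})
    return findings

def missing_roots(log_text):
    """Count, per root CA common name, how often it was reported as not trusted."""
    return Counter(f["root_cn"] for f in scan(log_text))

if __name__ == "__main__":
    for cn, n in missing_roots(SAMPLE_LOG).items():
        print(f"{n:3d}  {cn}")
```

The root DN it reports is the certificate that the log message says to make available through sslcertpath or sslcertfile.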