Date: Sun, 10 May 2015 17:07:04 -0400 From: Ernie Luzar <luzar722@gmail.com> To: FreeBSD Questions <freebsd-questions@freebsd.org> Subject: Certificate error Message-ID: <554FC878.7070401@gmail.com>
next in thread | raw e-mail | index | archive | help
Hello list; Been trying to setup qpopper to use TLS. I am stuck at getting a self signed certificate to work. Running fetchmail on the host to get a good log of what is really happening as shown below. After that list is the script I use to build the certificates. Maybe some one can seen what I am doing wrong in the build cert script based on the errors shown in the fetchmail list.. Thanks Script started on Sun May 10 16:30:25 2015 /root >fetchmail -vv fetchmail: WARNING: Running as root is discouraged. Old UID list from pop.powerman.com: <empty> Scratch list of UIDs: <empty> fetchmail: 6.3.26 querying pop.powerman.com (protocol POP3) at Sun May 10 16:30:37 2015: poll started Trying to connect to 10.0.10.2/110...connected. fetchmail: POP3< +OK ready <1301.1431289837@localhost> fetchmail: POP3> CAPA fetchmail: POP3< +OK Capability list follows fetchmail: POP3< TOP fetchmail: POP3< USER fetchmail: POP3< LOGIN-DELAY 0 fetchmail: POP3< EXPIRE NEVER fetchmail: POP3< UIDL fetchmail: POP3< RESP-CODES fetchmail: POP3< AUTH-RESP-CODE fetchmail: POP3< X-MANGLE fetchmail: POP3< X-MACRO fetchmail: POP3< X-LOCALTIME Sun, 10 May 2015 16:30:37 -0400 fetchmail: POP3< STLS fetchmail: POP3< . fetchmail: POP3> STLS fetchmail: POP3< +OK STLS fetchmail: Server certificate: fetchmail: Issuer Organization: Powerman fetchmail: Issuer CommonName: pop.powerman.com fetchmail: Subject CommonName: pop.powerman.com fetchmail: pop.a1poweruser.com key fingerprint: 51:EC:3E:14:EA:E0:A9:97:1F:9F:D9:30:35:72:44:EA fetchmail: Server certificate verification error: self signed certificate fetchmail: Missing trust anchor certificate: cat qpopper.build.cert #! /bin/sh # Lets get to the correct location cd /usr/local/etc/qpopper # Lets delete existing stuff to re-create clean rm -v CA.key CA.crt pop3.key.pem pop3.cert.csr pop3.cert.pem echo "Creating a private CA key" openssl genrsa -des3 -out CA.key 2048 echo "Creating a private CA certificate" openssl req -new -x509 -days 3650 -key CA.key -out CA.crt echo "Creating a private ssl/tls pop3 key" openssl genrsa -out pop3.key.pem 2048 echo "Creating a private certificate signing request" openssl req -new -key pop3.key.pem -out pop3.cert.csr echo "Sign certificate using own CAsigning request" openssl x509 -req -in pop3.cert.csr -out pop3.cert.pem -sha1 -CA CA.crt -CAkey CA.key -CAcreateserial -days 3650
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?554FC878.7070401>