Date: Sun, 10 May 2015 23:10:10 -0400 From: Jon Radel <jon@radel.com> To: freebsd-questions@freebsd.org Cc: Ernie Luzar <luzar722@gmail.com> Subject: Re: Certificate error Message-ID: <55501D92.2020102@radel.com> In-Reply-To: <554FC878.7070401@gmail.com> References: <554FC878.7070401@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This is a cryptographically signed message in MIME format. --------------ms000807040606090501070104 Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: quoted-printable On 5/10/15 5:07 PM, Ernie Luzar wrote: > Hello list; > Been trying to setup qpopper to use TLS. > I am stuck at getting a self signed certificate to work. > Running fetchmail on the host to get a good log of what is really=20 > happening > as shown below. After that list is the script I use to build the=20 > certificates. > Maybe some one can seen what I am doing wrong in the build cert script > based on the errors shown in the fetchmail list.. > Thanks A self-signed certificate and a certificate signed by your own CA aren't = even remotely the same thing; I'm confused as to what you're trying to=20 actually do. The list of openssl commands you give shouldn't result in=20 a self-signed certificate. See section 4 of=20 http://www.openssl.org/docs/HOWTO/certificates.txt for the incantation=20 for a self-signed certificate. > > > fetchmail: Server certificate verification error: self signed certifica= te > fetchmail: Missing trust anchor certificate: > > As a result, I'm kind of confused as to why fetchmail is complaining=20 about a missing trust anchor for a self-signed certificate. But that=20 does lead to the question: Did you install the CA certificate, CA.cert, = where fetchmail will use it for verifying certificates? You should also=20 realize that if you want to use your own CA, you're much better off not=20 creating a new one willy-nilly, as you need to install the CA cert for=20 every client which you want to actually verify the certificates signed=20 by that CA. See=20 http://lists.ccil.org/pipermail/fetchmail-friends/2006-April/010051.html = for more. --Jon Radel jon@radel.com --------------ms000807040606090501070104 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIKrzCC BK8wggOXoAMCAQICEQDgI8sVEoNTia1hbnpUZ2shMA0GCSqGSIb3DQEBCwUAMG8xCzAJBgNV BAYTAlNFMRQwEgYDVQQKEwtBZGRUcnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJu YWwgVFRQIE5ldHdvcmsxIjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3QwHhcN MTQxMjIyMDAwMDAwWhcNMjAwNTMwMTA0ODM4WjCBmzELMAkGA1UEBhMCR0IxGzAZBgNVBAgT EkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RP IENBIExpbWl0ZWQxQTA/BgNVBAMTOENPTU9ETyBTSEEtMjU2IENsaWVudCBBdXRoZW50aWNh dGlvbiBhbmQgU2VjdXJlIEVtYWlsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC AQEAibEN2npTGU5wUh28VqYGJre4SeCW51Gr8fBaE0kVo7SMG2C8elFCp3mMpCLfF2FOkdV2 IwoU00oCf7YdCYBupQQ92bq7Fv6hh6kuQ1JDFnyvMlDIpk9a6QjYz5MlnHuI6DBk5qT4VoD9 KiQUMxeZrETlaYujRgZLwjPU6UCfBrCxrJNAubUIkzqcKlOjENs9IGE8VQOO2U52JQIhKfqj fHF2T+7hX4Hp+1SA28N7NVK3hN4iPSwwLTF/Wb1SN7AzaS1D6/rWpfGXd2dRjNnuJ+u8pQc4 doykqTj/34z1A6xJvsr3c5k6DzKrnJU6Ez0ORjpXdGFQvsZAP8vk4p+iIQIDAQABo4IBFzCC ARMwHwYDVR0jBBgwFoAUrb2YejS0Jvf6xCZU7wO94CTLVBowHQYDVR0OBBYEFJJha4LhoqCq T+xn8cKj97SAAMHsMA4GA1UdDwEB/wQEAwIBhjASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1Ud JQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDARBgNVHSAECjAIMAYGBFUdIAAwRAYDVR0fBD0w OzA5oDegNYYzaHR0cDovL2NybC51c2VydHJ1c3QuY29tL0FkZFRydXN0RXh0ZXJuYWxDQVJv b3QuY3JsMDUGCCsGAQUFBwEBBCkwJzAlBggrBgEFBQcwAYYZaHR0cDovL29jc3AudXNlcnRy dXN0LmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAGypurFXBOquIxdjtzVXzqmthK8AJECOZD8Vm am+x9bS1d14PAmEA330F/hKzpICAAPz7HVtqcgIKQbwFusFY1SbC6tVNhPv+gpjPWBvjImOc Uvi7BTarfVil3qs7Y+Xa1XPv7OD7e+Kj//BCI5zKto1NPuRLGAOyqC3U2LtCS5BphRDbpjc0 6HvgARClnMo6x59PiDRuimXQGoq7qdzKyjbR9PzCZCk1r9axp3ER0gNDsY8+muyeMlP0dpLK hjQHuSzK5hxK2JkNwYbikJL7WkJqIyEQ6WXH9dW7fuqMhSACYurROgcsWcWZM/I4ieW26RZ6 H3kU9koQGib6fIr7mzCCBfgwggTgoAMCAQICEHNU5Tx9a7TNDWBpDfzOARswDQYJKoZIhvcN AQELBQAwgZsxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMUEwPwYDVQQDEzhD T01PRE8gU0hBLTI1NiBDbGllbnQgQXV0aGVudGljYXRpb24gYW5kIFNlY3VyZSBFbWFpbCBD QTAeFw0xNTAzMzAwMDAwMDBaFw0xODAzMjkyMzU5NTlaMIH6MQswCQYDVQQGEwJVUzEOMAwG A1UEERMFMjIxNTAxCzAJBgNVBAgTAlZBMRQwEgYDVQQHEwtTcHJpbmdmaWVsZDEaMBgGA1UE CRMRNjkxNyBSaWRnZXdheSBEci4xFTATBgNVBAoTDEpvbiBULiBSYWRlbDEyMDAGA1UECxMp SXNzdWVkIHRocm91Z2ggSm9uIFQuIFJhZGVsIEUtUEtJIE1hbmFnZXIxHzAdBgNVBAsTFkNv cnBvcmF0ZSBTZWN1cmUgRW1haWwxEjAQBgNVBAMTCUpvbiBSYWRlbDEcMBoGCSqGSIb3DQEJ ARYNam9uQHJhZGVsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN7VG2H2 FtCpo4Of74Ll1UBAf2czZUfeg9rNm587CYgbZJcj+/c+56ZxBDcmSGalDTqBizPJduRMIuyq 8R9qViPzWN238rmVPhpV2PQt8khbJNxT3lXauwK4exK+f8+chywS1eDnesK2pLgQ60n27etj aE/xgKLLPXJjeaficomz3cwcbgCRdi5WnN9ogAMRNxWsD6trO9cR+cMldcNln1m65XXTrIii 86+FhZKVpW7yetIcmNcVkjYhfCAh5UGgyKHfK7osuPXgj9h1nSsgDwr5Q0H41bpGLe7AdcFu viOHdmqSuohVSt/VV7JuF2slx2pd0w0eMoNKUKhrFhFsvLUCAwEAAaOCAdUwggHRMB8GA1Ud IwQYMBaAFJJha4LhoqCqT+xn8cKj97SAAMHsMB0GA1UdDgQWBBTP1gHXRYR8E0eyRHCj/S+H yppC7DAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcD BAYIKwYBBQUHAwIwRgYDVR0gBD8wPTA7BgwrBgEEAbIxAQIBAwUwKzApBggrBgEFBQcCARYd aHR0cHM6Ly9zZWN1cmUuY29tb2RvLm5ldC9DUFMwXQYDVR0fBFYwVDBSoFCgToZMaHR0cDov L2NybC5jb21vZG9jYS5jb20vQ09NT0RPU0hBMjU2Q2xpZW50QXV0aGVudGljYXRpb25hbmRT ZWN1cmVFbWFpbENBLmNybDCBkAYIKwYBBQUHAQEEgYMwgYAwWAYIKwYBBQUHMAKGTGh0dHA6 Ly9jcnQuY29tb2RvY2EuY29tL0NPTU9ET1NIQTI1NkNsaWVudEF1dGhlbnRpY2F0aW9uYW5k U2VjdXJlRW1haWxDQS5jcnQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9kb2NhLmNv bTAYBgNVHREEETAPgQ1qb25AcmFkZWwuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQBLU976AGA/ 5JD9rkjl7vNfRGDQOEffvwseVmLEmBLot8I8vZ50oxRCLdOH0Zd8uN17J5a4xajP3blnMEdw /CQF4f6Iz8ASG7QOGLSSin+nrqD20Q8lRn8oOyrF100OsPRPKmff/fekdOMkQOrJ3MCDAHQ2 fxuWkxupLBP6PzC49qR8uyPVxIPNetMsuyYhAHtq4DJphd1bJbxirDffqstQK+M5R+eo47KN WyJ5PD/Q8ug4clobJ7P5W1Xh7KLqnVI2JffYD5+/EEzMpAsKiQTjdxci1z06TOr/9/Z+68an Xuvyambg6OMzkTaTCyD1sE9QExHj+zGiwpUufSj2vGWjMYIEMTCCBC0CAQEwgbAwgZsxCzAJ BgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZv cmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMUEwPwYDVQQDEzhDT01PRE8gU0hBLTI1 NiBDbGllbnQgQXV0aGVudGljYXRpb24gYW5kIFNlY3VyZSBFbWFpbCBDQQIQc1TlPH1rtM0N YGkN/M4BGzAJBgUrDgMCGgUAoIICVTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqG SIb3DQEJBTEPFw0xNTA1MTEwMzEwMTBaMCMGCSqGSIb3DQEJBDEWBBQaGC8K3xb7GkB5iMGY 7B/zBx+eZTBsBgkqhkiG9w0BCQ8xXzBdMAsGCWCGSAFlAwQBKjALBglghkgBZQMEAQIwCgYI KoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0GCCqG SIb3DQMCAgEoMIHBBgkrBgEEAYI3EAQxgbMwgbAwgZsxCzAJBgNVBAYTAkdCMRswGQYDVQQI ExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9E TyBDQSBMaW1pdGVkMUEwPwYDVQQDEzhDT01PRE8gU0hBLTI1NiBDbGllbnQgQXV0aGVudGlj YXRpb24gYW5kIFNlY3VyZSBFbWFpbCBDQQIQc1TlPH1rtM0NYGkN/M4BGzCBwwYLKoZIhvcN AQkQAgsxgbOggbAwgZsxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0 ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMUEwPwYD VQQDEzhDT01PRE8gU0hBLTI1NiBDbGllbnQgQXV0aGVudGljYXRpb24gYW5kIFNlY3VyZSBF bWFpbCBDQQIQc1TlPH1rtM0NYGkN/M4BGzANBgkqhkiG9w0BAQEFAASCAQDJ280pyf5kgh9o 8u0LMWt0Lsy+V4PyCOa+qhi65ZnmMQiOlufIclIP3/vy/6KOFXuEFNi2qvXN3NtsPJnfezEq AMfrC5Lw3zRKCcoHTFkc84kad8dL0XkquapMB/S1NxzD3HJjqjyV3rmN18mWt5z9G7E6Dino EVWb0BM5TpVAo1XoRs+Jp7KxMV2oywqpSK3qBjRRqCZsGhzutRRCHFj8nuVVN/qORLYf0NRh SNo5UP1oIp0yg2jSk5GwCeqs40fjT/ZSl2/2SsCO9hfi64DyMuuK86nB4CCKklUCBxhI7oNR /fHtaQh2TjhkyLcmNw/l70cRrofsyMQcfLFNrZFhAAAAAAAA --------------ms000807040606090501070104--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?55501D92.2020102>