LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Software (http://www.linuxquestions.org/questions/linux-software-2/)
-   -   Problem getting gmail (local issuer certificate) with fetchmail (http://www.linuxquestions.org/questions/linux-software-2/problem-getting-gmail-local-issuer-certificate-with-fetchmail-836640/)

Tim Johnson 10-06-2010 06:17 PM

Problem getting gmail (local issuer certificate) with fetchmail
 
Using ubuntu 10.04 32-bit
I'm unable to get a gmail connection:
Polling code in .fetchmailrc:
Code:

poll pop.gmail.com with proto POP3
      user 'tim042849' there with password 'xxxxxx' is 'tim' here  options ssl sslcertck sslcertpath /home/tim/.certs/

Relevant log messages:
Quote:

fetchmail: Server certificate verification error: unable to get local issuer certificate
4034:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:s3_clnt.c:980:
fetchmail: SSL connection failed.
fetchmail: socket error while fetching from tim042849@pop.gmail.com
fetchmail: Query status=2 (SOCKET)
The certificates were installed as per the tutorial at:
http://www.axllent.org/docs/networki...with_fetchmail
With the remote certificate installed using:
Code:

wget -O equifax.pem
https://www.geotrust.com/resources/root_certificates/certificates/Equifax_Secure_Certificate_Authori
ty.cer

Both of the certificate files have permissions of 644 and user is
tim
Unless I'm wrong, the key message is
Quote:

Server certificate verification error: unable to get
local issuer certificate
Any and all help is appreciated.

repo 10-07-2010 03:31 AM

Try

Code:

poll pop.gmail.com with proto POP3
      user 'tim042849@gmail.com' there with password 'xxxxxx' is 'tim' here  options ssl sslcertck sslcertpath /home/tim/.certs

Note the @gmail.com, and the /home/tim/.certs without the /

Kind regards

Tim Johnson 10-07-2010 10:21 AM

Hello repo:
Quote:

Originally Posted by repo (Post 4120258)
Try

Code:

poll pop.gmail.com with proto POP3
      user 'tim042849@gmail.com' there with password 'xxxxxx' is 'tim' here  options ssl sslcertck sslcertpath /home/tim/.certs

Note the @gmail.com, and the /home/tim/.certs without the /
Kind regards

:o Sorry. Same results.
also from the mutt mailing list, which did not offer a solution but made this comment:
Quote:

think your issue may be due to Gmail's use of intermediate cert which you have not installed.
thanks
tim

repo 10-07-2010 10:37 AM

Try the following
When you do
Code:

$ fetchmail -d0 -vk pop.gmail.com
You will see a fingerprint like
Quote:

pop.gmail.com key fingerprint: 6B:C4:63:05:87:1E:72:88:ED:81:C5:A2:51:6B:B7:B6
Use this fingerprint in your fetchmailrc

Code:

user 'tim042849@gmail.com' there with password 'xxxxxxxx' is 'tim' here options keep no rewrite ssl sslfingerprint '6B:C4:63:05:87:1E:72:88:ED:81:C5:A2:51:6B:B7:B6'
sslcertck sslcertpath /home/tim/.certs

Kind regards

Tim Johnson 10-07-2010 11:00 AM

Quote:

Originally Posted by repo (Post 4120615)
Try the following
When you do
Code:

$ fetchmail -d0 -vk pop.gmail.com
You will see a fingerprint like


Use this fingerprint in your fetchmailrc

Code:

user 'tim042849@gmail.com' there with password 'xxxxxxxx' is 'tim' here options keep no rewrite ssl sslfingerprint '6B:C4:63:05:87:1E:72:88:ED:81:C5:A2:51:6B:B7:B6'
sslcertck sslcertpath /home/tim/.certs

Kind regards

OK. Thanks. I will have to play with that code. BTW: I realized that
I had forgotten to run
Code:

c_rehash $HOME/.certs/
after I had
updated a cert. So I am now getting mail.
cheers
tim


All times are GMT -5. The time now is 11:12 PM.