LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
Search this Thread
Old 10-06-2010, 06:17 PM   #1
Tim Johnson
Member
 
Registered: Oct 2004
Location: Palmer, Alaska
Distribution: ubuntu 10.04, Slack 13.0/32-bit
Posts: 206

Rep: Reputation: 30
Problem getting gmail (local issuer certificate) with fetchmail


Using ubuntu 10.04 32-bit
I'm unable to get a gmail connection:
Polling code in .fetchmailrc:
Code:
poll pop.gmail.com with proto POP3
       user 'tim042849' there with password 'xxxxxx' is 'tim' here  options ssl sslcertck sslcertpath /home/tim/.certs/
Relevant log messages:
Quote:
fetchmail: Server certificate verification error: unable to get local issuer certificate
4034:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:s3_clnt.c:980:
fetchmail: SSL connection failed.
fetchmail: socket error while fetching from tim042849@pop.gmail.com
fetchmail: Query status=2 (SOCKET)
The certificates were installed as per the tutorial at:
http://www.axllent.org/docs/networki...with_fetchmail
With the remote certificate installed using:
Code:
wget -O equifax.pem
https://www.geotrust.com/resources/root_certificates/certificates/Equifax_Secure_Certificate_Authori
ty.cer
Both of the certificate files have permissions of 644 and user is
tim
Unless I'm wrong, the key message is
Quote:
Server certificate verification error: unable to get
local issuer certificate
Any and all help is appreciated.
 
Old 10-07-2010, 03:31 AM   #2
repo
LQ 5k Club
 
Registered: May 2001
Location: Belgium
Distribution: Linux Mint
Posts: 8,497

Rep: Reputation: 883Reputation: 883Reputation: 883Reputation: 883Reputation: 883Reputation: 883Reputation: 883
Try

Code:
poll pop.gmail.com with proto POP3
       user 'tim042849@gmail.com' there with password 'xxxxxx' is 'tim' here  options ssl sslcertck sslcertpath /home/tim/.certs
Note the @gmail.com, and the /home/tim/.certs without the /

Kind regards
 
Old 10-07-2010, 10:21 AM   #3
Tim Johnson
Member
 
Registered: Oct 2004
Location: Palmer, Alaska
Distribution: ubuntu 10.04, Slack 13.0/32-bit
Posts: 206

Original Poster
Rep: Reputation: 30
Hello repo:
Quote:
Originally Posted by repo View Post
Try

Code:
poll pop.gmail.com with proto POP3
       user 'tim042849@gmail.com' there with password 'xxxxxx' is 'tim' here  options ssl sslcertck sslcertpath /home/tim/.certs
Note the @gmail.com, and the /home/tim/.certs without the /
Kind regards
Sorry. Same results.
also from the mutt mailing list, which did not offer a solution but made this comment:
Quote:
think your issue may be due to Gmail's use of intermediate cert which you have not installed.
thanks
tim

Last edited by Tim Johnson; 10-07-2010 at 10:32 AM.
 
Old 10-07-2010, 10:37 AM   #4
repo
LQ 5k Club
 
Registered: May 2001
Location: Belgium
Distribution: Linux Mint
Posts: 8,497

Rep: Reputation: 883Reputation: 883Reputation: 883Reputation: 883Reputation: 883Reputation: 883Reputation: 883
Try the following
When you do
Code:
$ fetchmail -d0 -vk pop.gmail.com
You will see a fingerprint like
Quote:
pop.gmail.com key fingerprint: 6B:C4:63:05:87:1E:72:88:ED:81:C5:A2:51:6B:B7:B6
Use this fingerprint in your fetchmailrc

Code:
user 'tim042849@gmail.com' there with password 'xxxxxxxx' is 'tim' here options keep no rewrite ssl sslfingerprint '6B:C4:63:05:87:1E:72:88:ED:81:C5:A2:51:6B:B7:B6' 
sslcertck sslcertpath /home/tim/.certs
Kind regards
 
Old 10-07-2010, 11:00 AM   #5
Tim Johnson
Member
 
Registered: Oct 2004
Location: Palmer, Alaska
Distribution: ubuntu 10.04, Slack 13.0/32-bit
Posts: 206

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by repo View Post
Try the following
When you do
Code:
$ fetchmail -d0 -vk pop.gmail.com
You will see a fingerprint like


Use this fingerprint in your fetchmailrc

Code:
user 'tim042849@gmail.com' there with password 'xxxxxxxx' is 'tim' here options keep no rewrite ssl sslfingerprint '6B:C4:63:05:87:1E:72:88:ED:81:C5:A2:51:6B:B7:B6' 
sslcertck sslcertpath /home/tim/.certs
Kind regards
OK. Thanks. I will have to play with that code. BTW: I realized that
I had forgotten to run
Code:
c_rehash $HOME/.certs/
after I had
updated a cert. So I am now getting mail.
cheers
tim
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
fetchmail socket error and certificate verification lmcilwain Linux - Software 8 09-24-2010 05:45 AM
fetchmail from gmail will not retrieve local messages I send to myself h34th Linux - Software 3 01-18-2009 01:40 AM
am_pkcs11 Couldn't verify Cert: Peer's Certificate issuer is not recognized. redhawk1973 Linux - Security 1 11-09-2007 10:47 AM
gftp: "Error 20:unable to get local issuer certificate" desmond33 Linux - Software 0 03-21-2007 01:07 AM
Fetchmail with Gmail RySk8er30 Linux - Software 1 04-16-2005 02:37 PM


All times are GMT -5. The time now is 11:01 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration