[Dovecot] Solution (with new problem) of: Server CommonName mismatch: localhost.localdomain

Timo Sirainen tss at iki.fi
Sun Jun 18 01:09:32 EEST 2006


On Tue, 2006-06-13 at 20:54 +0200, M. Fioretti wrote:
> 2) if I run fetchmail here with these options:
> 
> I get:
> 
> fetchmail: 6.3.2 querying my.remote.server (protocol POP3) at Tue 13 Jun 2006 07:22:34 PM CEST: poll started
> fetchmail: Issuer Organization: My organization
> fetchmail: Issuer CommonName: my.remote.server
> fetchmail: Server CommonName: my.remote.server
> fetchmail: my.remote.server key fingerprint: the one obtained running openssl on the server
> fetchmail: my.remote.server fingerprints match.
> fetchmail: Server certificate verification error: unable to get local issuer certificate
> 26227:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:s3_clnt.c:894:
> fetchmail: SSL connection failed.
> fetchmail: socket error while fetching from m-mail at fm.vm.bytemark.co.uk
> 
> What is the "local issuer" problem? What am I missing? Is it a
> consequence of problem 1) ? What is happening, and what must I do to
> use this certificate? Is it a dovecot only problem?

I'm guessing it's because you're using a self-signed certificate and
fetchmail can't be sure that the certificate is valid. You'll either to:

a) tell fetchmail to ignore the problem (which makes man-in-the-middle
attacks possible)

b) tell fetchmail somehow about the certificate

c) create your own CA, create the certificate using it and tell
fetchmail about your CA certificate

No idea which of those options are possible with fetchmail. In any case
these problems have more to do with SSL in general and fetchmail than
Dovecot..
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20060618/7b7dbff8/attachment.pgp


More information about the dovecot mailing list