On Tue, 2006-06-13 at 20:54 +0200, M. Fioretti wrote:
- if I run fetchmail here with these options:
I get:
fetchmail: 6.3.2 querying my.remote.server (protocol POP3) at Tue 13 Jun 2006 07:22:34 PM CEST: poll started fetchmail: Issuer Organization: My organization fetchmail: Issuer CommonName: my.remote.server fetchmail: Server CommonName: my.remote.server fetchmail: my.remote.server key fingerprint: the one obtained running openssl on the server fetchmail: my.remote.server fingerprints match. fetchmail: Server certificate verification error: unable to get local issuer certificate 26227:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:s3_clnt.c:894: fetchmail: SSL connection failed. fetchmail: socket error while fetching from m-mail@fm.vm.bytemark.co.uk
What is the "local issuer" problem? What am I missing? Is it a consequence of problem 1) ? What is happening, and what must I do to use this certificate? Is it a dovecot only problem?
I'm guessing it's because you're using a self-signed certificate and fetchmail can't be sure that the certificate is valid. You'll either to:
a) tell fetchmail to ignore the problem (which makes man-in-the-middle attacks possible)
b) tell fetchmail somehow about the certificate
c) create your own CA, create the certificate using it and tell fetchmail about your CA certificate
No idea which of those options are possible with fetchmail. In any case these problems have more to do with SSL in general and fetchmail than Dovecot..