Re: [gentoo-user] Import SSL Certificate Authority [SOLVED]

public inbox for gentoo-user@lists.gentoo.org
 help / color / mirror / Atom feed

From: Willie Wong <wwong@Princeton.EDU>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Import SSL Certificate Authority [SOLVED]
Date: Thu, 2 Mar 2006 13:15:15 -0500	[thread overview]
Message-ID: <20060302181515.GA9411@princeton.edu> (raw)
In-Reply-To: <20060302171958.GA11457@princeton.edu>

On Thu, Mar 02, 2006 at 12:19:58PM -0500, Penguin Lover Willie Wong squawked:
> [12:12 PM]wwong ~ $ fetchmail
> fetchmail: Server certificate verification error: unable to get local issuer certificate
> fetchmail: Server certificate verification error: certificate not trusted
> fetchmail: Server certificate verification error: unable to verify the first certificate
> 
>        --sslcertpath <directory>
>               (Keyword: sslcertpath) Sets the directory fetchmail uses to look
>               up  local certificates. The default is your OpenSSL default one.
>               The directory must be hashed as OpenSSL expects it - every  time
>               you  add  or  modify a certificate in the directory, you need to
>               use the c_rehash tool (which comes with OpenSSL  in  the  tools/
>               subdirectory).
> 
> so I guess my question is how to import a certificate into OpenSSL?
> 

Nevermind, solved. 

First, download the certificate [say, "university.crt"]
Second, [the step I was missing, from 'man x509'], 
  openssl x509 -in university.crt -addtrust emailProtection -out uni.pem
Third, put the file uni.pem into a directory, say ~/.my_trusted_certs
Fourth, run 
  c_rehash ~/.my_trusted_certs
Fifth, edit the .fetchmailrc to append 'sslcertpath "$HOME/.my_trusted_certs"'
to the university's line. 

Now it works without the error. 

W
-- 
"All of this is on the web, so other people know it too."
~DeathMech, S. Sondhi. P-town PHY 205
Sortir en Pantoufles: up 110 days, 10:35
-- 
gentoo-user@gentoo.org mailing list

     prev parent reply	other threads:[~2006-03-02 18:20 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-03-02 17:19 [gentoo-user] Import SSL Certificate Authority Willie Wong
2006-03-02 18:15 ` Willie Wong [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20060302181515.GA9411@princeton.edu \
    --to=wwong@princeton.edu \
    --cc=gentoo-user@lists.gentoo.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox