Comments in-line.
On Mon, Feb 07, 2011 at 04:52:31AM -0500, Jude DaShiell wrote:
> I fixed the sslcertpath in my .fetchmailrc file. That made no change in
> the error I get.
OK.
Check that you've got the right certificate from gmail; run this command:
echo | openssl s_client -connect imap.gmail.com:993
> jude@md:~$ lsc/etc/ssl/certs/
> gmail.crt google.crt
I'm not sure of the above command you ran. If it was actually a listing of
that directory ("ls /etc/ssl/certs"), then I think the certificate
conversion step (which may or may not be required) was missing.
The c_rehash command/script (required by openssl) creates symbolic links
in the target directory, of certificates it finds, in .pem format.
Run these two commands (in order) to convert .crt file to .pem file:
openssl x509 -in gmail.crt -out gmail.der -outform DER
openssl x509 -in gmail.der -inform DER -out gmail.pem -outform PEM
Also, I noticed that certificate checking requires that "your system clock
be reasonably accurate".
--
Henry Yen Aegis Information Systems, Inc.
Senior Systems Programmer Hicksville, New York
_______________________________________________
Blinux-list mailing list
Blinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/blinux-list