Well, here's what happened with gmail. There's the presented certificate which chains to an Equifax certificate and if fetchmail couldn't find both intact it wouldn't download any email from gmail. I'll try and get the Microsoft certificate saved and see what happens from there. I do know that the netscape ca-bundle makes no reference to Microsoft in its text at all, checked it out with grep this morning. On Wed, 16 Feb 2011, Sam Hartman wrote: > It's not actually typically the case that a X.509 certificate will > include the address of a root certificate or really even the address of > any certificate higher in any certification chain. > You can use > openssl -x509 -out /dev-null -text -in file_containing_certificate > to see what's actually in the certificate > but I suspect you'll be disappointed. > > It's also not likely that you need a root certificate . You should be > able to tell fetchmail that the CA certificate for the cite is a trust > anchor and that it should just chain from there. Roots aren't actually > special. > If fetchmail just uses openssl you may only need to drop the CA > certificate into a directory of certificates and possibly run c_rehash. > > _______________________________________________ > Blinux-list mailing list > Blinux-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/blinux-list > > _______________________________________________ Blinux-list mailing list Blinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/blinux-list