On Tue, 13 Jun 2006, M. Fioretti wrote:
> I have a remote server with dovecot 1.0-0_12.beta8 on Centos 4.3.
> IMAP works just fine: I can read email from both Squirrelmail via
> web and Kmail.
>
> Now I have created an ssl certificate on the server, and I'm trying
> to retrieve email via pop3s from my home PC (running suse, if this
> matters)
>
> When I launch fetchmail here at home I get the error below. Is it
> caused by dovecot, or something else on the server, like some error
> I could have made when generating and copying certificates?
>
> marco@polaris:~> fetchmail -vv
> fetchmail: 6.3.2 querying my.vps.fqdn.name (protocol POP3) at Tue 13 Jun 2006 05:22:50 PM CEST: poll started
> fetchmail: Issuer Organization: SomeOrganization
> fetchmail: Issuer CommonName: localhost.localdomain
> fetchmail: Server CommonName: localhost.localdomain
> fetchmail: Server CommonName mismatch: localhost.localdomain != my.vps.fqdn.name
> fetchmail: my.vps.fqdn.name key fingerprint: 20:93:B4:D8:CB:75:AD:72:F6:00:A8:DC:CE:F2:53:6E
> fetchmail: my.vps.fqdn.name fingerprints do not match!
> 23942:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:s3_clnt.c:894:
> fetchmail: SSL connection failed.
> fetchmail: socket error while fetching from remoteuser@xxxxxxxxxxxxxxxx

On your IMAP server, check out your certificate's thoughts about
itself:

  openssl x509 -noout -subject -in /path/to/cert.pem

I'm guessing that it'll report its common name (CN) as
"localhost.domain." SSL clients typically want the remote cert's CN to
match the hostname they're polling to avoid one server impersonating
another.

You'll probably want to build a new cert, specifying the CN as the
public hostname of your IMAP server, e.g.,

  openssl req \
    -x509 -nodes -days 365 \
    -subj '/C=IT/L=Roma/CN=my.vps.fqdn.name' \
    -newkey rsa:1024 -keyout mycert.pem -out mycert.pem

--
Paul Heinlein <> heinlein@xxxxxxxxxx <> www.madboa.com
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
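
The name check discussed in the reply above, as an added example that is not part of the original thread: build a self-signed certificate for a hostname and confirm the name matches before installing it. It departs from the command in the reply by also setting a subjectAltName (many current TLS clients match only that field, not the CN) and by using a 2048-bit key; the helper names make_cert and cert_matches are made up for illustration, and -addext assumes OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example: throwaway self-signed certs, hostnames taken from the thread.

# make_cert HOST OUTDIR
# Writes OUTDIR/HOST.key and OUTDIR/HOST.crt with CN and subjectAltName = HOST.
make_cert() {
    openssl req -x509 -nodes -days 365 \
        -subj "/CN=$1" \
        -addext "subjectAltName=DNS:$1" \
        -newkey rsa:2048 \
        -keyout "$2/$1.key" -out "$2/$1.crt" 2>/dev/null
}

# cert_matches HOST CERT
# Succeeds only if CERT is valid for HOST. openssl prints the verdict
# ("does match" / "does NOT match"), so it is read from the output
# rather than from the exit status.
cert_matches() {
    openssl x509 -noout -checkhost "$1" -in "$2" | grep -q 'does match'
}

# Demo: the default CN from the thread fails, a cert built for the
# polled hostname passes.
polled=my.vps.fqdn.name
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
for cn in localhost.localdomain "$polled"; do
    make_cert "$cn" "$tmp"
    if cert_matches "$polled" "$tmp/$cn.crt"; then
        echo "cert for $cn: OK when polling $polled"
    else
        echo "cert for $cn: name mismatch when polling $polled"
    fi
done
```
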