SSL fingerprints mailserver

I use fetchmail to pull down my mail from the mailserver. Just now the SSL fingerprints changed,
leading to an error like:


fetchmail: <mailserver> fingerprints do not match!
12096:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:../../../../common/openssl/ssl/s3_clnt.c:894:
fetchmail: SSL connection failed.
fetchmail: socket error while fetching from <userid>@<mailserver>
fetchmail: Query status=2 (SOCKET)

So to get the new fingerprint, first get the changed SSL cert:


openssl s_client -connect <mailserver>:<port> -showcerts

and copy, say, the first cert to a file <mailserver>.pem. Now generate
the SSL fingerprint of this pem file:


openssl x509 -fingerprint -md5 -noout -in <mailserver>.pem
MD5 Fingerprint=XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX

and put it in the .fetchmailrc file:


poll <mailserver> protocol imap port <port>
username <userid>
ssl sslfingerprint XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
sslcertpath /path/to/certs
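
The same steps in Python, as an added example that is not part of the original post: it takes saved `openssl s_client -showcerts` output, extracts the first certificate, computes the MD5 fingerprint over its DER encoding, and compares it with the sslfingerprint value in a .fetchmailrc. The function names, host name and sample data are assumptions made for illustration; the sample base64 bodies are constructed placeholders, not real certificates.

```python
import base64
import hashlib
import re

# One PEM certificate block as printed by `openssl s_client -showcerts`.
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S)

def leaf_der(s_client_output: str) -> bytes:
    """DER bytes of the first certificate; -showcerts prints the server's own first."""
    match = PEM_RE.search(s_client_output)
    if match is None:
        raise ValueError("no certificate block found")
    return base64.b64decode("".join(match.group(1).split()))

def md5_fingerprint(der: bytes) -> str:
    """Colon-separated upper-case MD5 of the DER bytes (the 'MD5 Fingerprint=' value)."""
    digest = hashlib.md5(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def pinned_fingerprint(fetchmailrc_text: str) -> str:
    """Value that follows the sslfingerprint keyword, quoted or not."""
    match = re.search(r"\bsslfingerprint\s+[\"']?([0-9A-Fa-f:]+)", fetchmailrc_text)
    if match is None:
        raise ValueError("no sslfingerprint option found")
    return match.group(1).upper()

def matches_pin(s_client_output: str, fetchmailrc_text: str) -> bool:
    return md5_fingerprint(leaf_der(s_client_output)) == pinned_fingerprint(fetchmailrc_text)

# Constructed sample input: placeholder bodies, hypothetical host name.
SAMPLE_OUTPUT = """CONNECTED(00000003)
 0 s:/CN=mail.example.invalid
-----BEGIN CERTIFICATE-----
aGVsbG8=
-----END CERTIFICATE-----
 1 s:/CN=Constructed Intermediate
-----BEGIN CERTIFICATE-----
d29ybGQ=
-----END CERTIFICATE-----
"""
SAMPLE_RC = (
    "poll mail.example.invalid protocol imap\n"
    "ssl sslfingerprint 5D:41:40:2A:BC:4B:2A:76:B9:71:9D:91:10:17:C5:92\n"
)

if __name__ == "__main__":
    print(md5_fingerprint(leaf_der(SAMPLE_OUTPUT)), matches_pin(SAMPLE_OUTPUT, SAMPLE_RC))
```

A changed fingerprint is worth confirming with the mail server's operator over a separate channel before it is pinned, since the certificate fetched this way is simply whatever the connection presented.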

Whew, nice and quick, thanks to Google :)

About

smg
