Here are my steps to get fetchmail to stop complaining about SSL certificates.
You might get an error like:
fetchmail: Server certificate verification error: unable to get local
issuer certificate
fetchmail: This means that the root signing certificate (issued for
/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA
Certification Authority) is not in the trusted CA certificate locations,
or that c_rehash needs to be run on the certificate directory. For
details, please see the documentation of --sslcertpath and --sslcertfile
in the manual page.
I run fetchmail like this:
/usr/bin/fetchmail --ssl --sslcertck --sslcertpath=/etc/fetchmail/cert -a -K -f /etc/fetchmailrc
You need to put the server's certificate and the CA certificate under /etc/fetchmail/cert. To get the server's certificate, run:
openssl s_client -connect server.yourdomain.com:993
In the output, look for the Certificate chain section:
0 s:/OU=Domain Control Validated/OU=PositiveSSL/CN=server.yourdomain.com
and copy the section
-----BEGIN CERTIFICATE-----
....
-----END CERTIFICATE-----
including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines, to a file.
If you don't know how to do it, what I normally do is highlight it in a terminal, then in another terminal I do:
cd /etc/fetchmail/cert
vi your.server.com.pem
and hit ESC I (vi insert command), right-click with my mouse to paste, and then ESC :wq (vi write & quit command).
Now all you need is the CA cert. Have a look in the output of the openssl command and look for the issuer. I had to download it from their site. If it was a legitimate issuer you might not need to do this part.
Now you need to run
cd /etc/fetchmail/
c_rehash cert
to rehash the certificates.
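
The copy-and-paste step above can be scripted. The following is an added example, not part of the original post: a POSIX shell function (extract_pem_certs, a hypothetical name) that pulls every BEGIN/END CERTIFICATE block out of saved s_client output into separate .pem files. The sample input and the scratch directory are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the original post.
# extract_pem_certs INPUT OUT_DIR PREFIX
# Copies every PEM certificate block found in saved `openssl s_client`
# output to OUT_DIR/PREFIX-<n>.pem and prints how many were written.
extract_pem_certs() {
    mkdir -p "$2" || return 1
    awk -v dir="$2" -v prefix="$3" '
        /^-----BEGIN CERTIFICATE-----/ {
            if (inside) close(file)      # truncated block: start it over
            file = sprintf("%s/%s-%d.pem", dir, prefix, n)
            inside = 1
        }
        inside { print > file }
        /^-----END CERTIFICATE-----/ {
            if (inside) { close(file); n++; inside = 0 }
        }
        END { print n + 0 }
    ' "$1"
}

# Constructed sample shaped like s_client output; the base64 bodies are
# placeholders, not real certificates.
sample_s_client_output() {
    cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:/OU=Domain Control Validated/OU=PositiveSSL/CN=server.yourdomain.com
-----BEGIN CERTIFICATE-----
Y29uc3RydWN0ZWQtbGVhZg==
-----END CERTIFICATE-----
 1 s:/CN=Constructed Example Intermediate CA
-----BEGIN CERTIFICATE-----
Y29uc3RydWN0ZWQtY2E=
-----END CERTIFICATE-----
---
EOF
}

# Demo: extract into a scratch directory (stand-in for /etc/fetchmail/cert).
demo_dir=$(mktemp -d)
sample_s_client_output > "$demo_dir/s_client.txt"
count=$(extract_pem_certs "$demo_dir/s_client.txt" "$demo_dir/cert" server.yourdomain.com)
echo "wrote $count certificate file(s) to $demo_dir/cert"
# With real certificates, c_rehash must still be run on the directory.
```

For real input, save the output of openssl s_client -connect server.yourdomain.com:993 -showcerts </dev/null to a file; -showcerts prints the whole chain the server sends rather than only the leaf. Certificates saved this way are only as trustworthy as the connection they came from, so compare the fingerprint against one obtained from the issuer or the server operator before relying on --sslcertck.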
