Getting fetchmail to work with SSL

Here are my steps to get fetchmail to stop complaining about SSL certificates.
You might get an error like:

fetchmail: Server certificate verification error: unable to get local
issuer certificate
fetchmail: This means that the root signing certificate (issued for
/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA
Certification Authority) is not in the trusted CA certificate locations,
or that c_rehash needs to be run on the certificate directory. For
details, please see the documentation of --sslcertpath and --sslcertfile
in the manual page.

I run my fetchmail like:
/usr/bin/fetchmail --ssl --sslcertck --sslcertpath=/etc/fetchmail/cert -a -K -f /etc/fetchmailrc
You need to get the server’s certificate and the CA certificate under /etc/fetchmail/cert.

openssl s_client -connect server.yourdomain.com:993

Look for "Certificate chain"
 0 s:/OU=Domain Control Validated/OU=PositiveSSL/CN=server.yourdomain.com
and copy the section
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines to a file.

If you don't know how to do it, what I normally do is highlight it in a terminal, then in another terminal I do:

cd /etc/fetchmail/cert
vi your.server.com.pem

and hit ESC I (vi insert command), right-click with my mouse to paste, and then ESC :wq (vi write & quit command).

Now all you need is the CA cert. Have a look in the output of the openssl command and look for the issuer. I had to download it from their site. If it was a legitimate issuer you might not need to do this part.

Now you need to do a

cd /etc/fetchmail/
c_rehash cert

to rehash the certificates.
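
The copy-and-paste and "look for issuer" steps above can also be scripted, and the result checked after c_rehash. The following is an added example, not part of the original post: the function names, the chain-N.pem file naming and the sample output are assumptions made for illustration.

```shell
# Added example: function and file names (chain-N.pem) are assumptions.

# split_pem_chain DIR: read s_client output on stdin, write each certificate
# block to DIR/chain-N.pem (N=0 is the server's own), print the block count.
split_pem_chain() {
    mkdir -p "$1" || return 1
    awk -v dir="$1" '
        /^-----BEGIN CERTIFICATE-----/ { out = sprintf("%s/chain-%d.pem", dir, n); n++; copying = 1 }
        copying                        { print > out }
        /^-----END CERTIFICATE-----/   { copying = 0; close(out) }
        END                            { print n + 0 }'
}

# chain_issuers: print each issuer (i:) line; the last one names the CA
# certificate that still has to be placed in the directory.
chain_issuers() { sed -n 's/^ *i:\(.*\)$/\1/p'; }

# verify_code: print the number from the first "Verify return code:" line
# (0 = verified, 20 = unable to get local issuer certificate).
verify_code() { awk '/Verify return code:/ { print $4; exit }'; }

# Constructed sample of s_client output; certificate bodies are dummy text
# and the intermediate CA name is made up.
sample_output() {
cat <<'EOF'
Certificate chain
 0 s:/OU=Domain Control Validated/OU=PositiveSSL/CN=server.yourdomain.com
   i:/C=GB/O=Example Intermediate CA
-----BEGIN CERTIFICATE-----
RFVNTVktTEVBRg==
-----END CERTIFICATE-----
 1 s:/C=GB/O=Example Intermediate CA
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
-----BEGIN CERTIFICATE-----
RFVNTVktSU5URVJNRURJQVRF
-----END CERTIFICATE-----
    Verify return code: 20 (unable to get local issuer certificate)
EOF
}

# Live use (needs network):
#   openssl s_client -connect server.yourdomain.com:993 -showcerts </dev/null \
#       | split_pem_chain /etc/fetchmail/cert
#   # compare fingerprints out of band before trusting the files:
#   openssl x509 -noout -fingerprint -sha256 -in /etc/fetchmail/cert/chain-0.pem
#   # after adding the CA certificate and running c_rehash, expect 0:
#   openssl s_client -connect server.yourdomain.com:993 \
#       -CApath /etc/fetchmail/cert </dev/null 2>/dev/null | verify_code
```

Certificates saved from the connection itself are not yet authenticated, which is why the fingerprint comparison comes before c_rehash.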
