[CentOS] fetchmail log messages I don't understand

Wed Oct 24 17:03:32 UTC 2007
Luciano Rocha <strange at nsk.no-ip.org>

On Wed, Oct 24, 2007 at 11:46:34AM -0500, Chuck Campbell wrote:
> I see these messages every time fetchmail pops my mail.  I don't understand
> what certificates it is talking about, or how to straighten this out.

A certificate identifies the server, i.e., the client gets a piece of
information about the server that can be used to start a private
conversation. The certificate must be signed by an entity, that you
trust.

> fetchmail: Server CommonName mismatch: localhost != mail.mydomain.com

The certificate was issued for the server: 'localhost', but you're
connecting to 'mail.mydomain.com'. This could be a man-in-the-middle
attack.

> fetchmail: Server certificate verification error: self signed certificate

The certificate is signed by itself, not by an external entity that you
trust. You can't be sure you're talking with the correct server.

> fetchmail: Server certificate verification error: certificate has expired

Every certificate has a validity (start and end date when the
certificate is valid). Yours has expired.

> What do I need to read up on to understand this and find a fix?

Public key infrastructure (PKI):

http://www.gtlib.cc.gatech.edu/pub/linux/docs/HOWTO/other-formats/html_single/SSL-Certificates-HOWTO.html
http://www.carillon.ca/library/howtos.php

-- 
lfr
0/0
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.centos.org/pipermail/centos/attachments/20071024/07d16aa8/attachment-0005.sig>