[CentOS] fetchmail log messages I don't understand

Wed Oct 24 19:11:54 UTC 2007
David Mackintosh <David.Mackintosh at xdroop.com>

On Wed, Oct 24, 2007 at 11:46:34AM -0500, Chuck Campbell wrote:
> I see these messages every time fetchmail pops my mail.  I don't understand
> what certificates it is talking about, or how to straighten this out.
> 
> fetchmail: Server CommonName mismatch: localhost != mail.mydomain.com
> fetchmail: Server certificate verification error: self signed certificate
> fetchmail: Server certificate verification error: certificate has expired
> 
> What do I need to read up on to understand this and find a fix?

I get messages like this with my fetchmail -- the cause has been either
the mail provider on the remote end is using a default, self-signed and unmaintained
certificate (ie when you install Sendmail, you get some self-signed certs
generated that are useless beyond the scope of your own private use); in
other cases I have been referring to the computer by a name which differs from
that which the certificate was created with.

In this case I suspect a combination of the two.  It looks like the
service provider got a default cert set up with the system referring to
itself as 'localhost', which is naturally different form the name
'mail.mydomain.com' which is how you are referring to it.

In practice this is probably nothing to worry unduly about unless you
are paying extra for verified TLS-secured mail transmission.  The expired,
mismatched-name cert will be used to encrypt the mail transmission just as
well as a "proper" cert will.

-- 
 /\oo/\
/ /()\ \ David Mackintosh | 
         dave at xdroop.com  | http://www.xdroop.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.centos.org/pipermail/centos/attachments/20071024/27250721/attachment-0005.sig>