I have a remote server running centos 4.3 and a home desktop running suse 10.1. I have generated an SSL certificate on the server, copied it on the desktop and run on the desktop:
openssl x509 -in mynewcertCert.pem -fingerprint -subject -issuer -serial -hash -noout c_rehash .
getting this warning:
Doing . WARNING: mynewcertPrivateKey.pem does not contain a certificate or CRL: skipping mynewcertCert.pem => 2764d17c.0
Now I have noted two things:
1) the fingerprint generated from the openssl command above is different when I run it on centos or on suse 10.1. Why?
2) if I run fetchmail here with these options:
I get:
fetchmail: 6.3.2 querying my.remote.server (protocol POP3) at Tue 13 Jun 2006 07:22:34 PM CEST: poll started fetchmail: Issuer Organization: The M Zone fetchmail: Issuer CommonName: my.remote.server fetchmail: Server CommonName: my.remote.server fetchmail: my.remote.server key fingerprint: the one obtained running openssl on the server fetchmail: my.remote.server fingerprints match. fetchmail: Server certificate verification error: unable to get local issuer certificate 26227:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:s3_clnt.c:894: fetchmail: SSL connection failed. fetchmail: socket error while fetching from m-mail@fm.vm.bytemark.co.uk
What is the "local issuer" problem? What am I missing? Is it a consequence of problem 1) ? What is happening, and what must I do to use this certificate?
TIA, Marco