[CentOS] Re: fetchmail log messages I don't understand
tony at softins.clara.co.uk
Wed Oct 24 17:18:47 UTC 2007
In article <20071024170332.GA9826 at bit.office.eurotux.com>,
Luciano Rocha <strange at nsk.no-ip.org> wrote:
> On Wed, Oct 24, 2007 at 11:46:34AM -0500, Chuck Campbell wrote:
> > I see these messages every time fetchmail pops my mail. I don't understand
> > what certificates it is talking about, or how to straighten this out.
> A certificate identifies the server, i.e., the client gets a piece of
> information about the server that can be used to start a private
> conversation. The certificate must be signed by an entity, that you
> > fetchmail: Server CommonName mismatch: localhost != mail.mydomain.com
> The certificate was issued for the server: 'localhost', but you're
> connecting to 'mail.mydomain.com'. This could be a man-in-the-middle
Or it could be a poorly set up mail server.
> > fetchmail: Server certificate verification error: self signed certificate
> The certificate is signed by itself, not by an external entity that you
> trust. You can't be sure you're talking with the correct server.
> > fetchmail: Server certificate verification error: certificate has expired
> Every certificate has a validity (start and end date when the
> certificate is valid). Yours has expired.
Actually, it is not "your" certifiate. It is the certificate installed
on the mail server. It looks like the administrator of your mail server
has set it up with a test certificate issued to "localhost", signed by
itself, and which has now expired. They should instead purchase a
validated certificate from a certification authority.
> > What do I need to read up on to understand this and find a fix?
It's not something you can fix, except by getting your mail hosting
from another provider, or persuading your current provider to get
a proper certificate.
Work: tony at softins.co.uk - http://www.softins.co.uk
Play: tony at mountifield.org - http://tony.mountifield.org
More information about the CentOS