On Wed, Oct 24, 2007 at 11:46:34AM -0500, Chuck Campbell wrote: > I see these messages every time fetchmail pops my mail. I don't understand > what certificates it is talking about, or how to straighten this out. A certificate identifies the server, i.e., the client gets a piece of information about the server that can be used to start a private conversation. The certificate must be signed by an entity, that you trust. > fetchmail: Server CommonName mismatch: localhost != mail.mydomain.com The certificate was issued for the server: 'localhost', but you're connecting to 'mail.mydomain.com'. This could be a man-in-the-middle attack. > fetchmail: Server certificate verification error: self signed certificate The certificate is signed by itself, not by an external entity that you trust. You can't be sure you're talking with the correct server. > fetchmail: Server certificate verification error: certificate has expired Every certificate has a validity (start and end date when the certificate is valid). Yours has expired. > What do I need to read up on to understand this and find a fix? Public key infrastructure (PKI): http://www.gtlib.cc.gatech.edu/pub/linux/docs/HOWTO/other-formats/html_single/SSL-Certificates-HOWTO.html http://www.carillon.ca/library/howtos.php -- lfr 0/0 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: <http://lists.centos.org/pipermail/centos/attachments/20071024/07d16aa8/attachment-0005.sig>