[CentOS] fetchmail log messages I don't understand

Wed Oct 24 17:22:21 UTC 2007
Johnny Hughes <johnny at centos.org>

Luciano Rocha wrote:
> On Wed, Oct 24, 2007 at 11:46:34AM -0500, Chuck Campbell wrote:
>> I see these messages every time fetchmail pops my mail.  I don't understand
>> what certificates it is talking about, or how to straighten this out.
> A certificate identifies the server, i.e., the client gets a piece of
> information about the server that can be used to start a private
> conversation. The certificate must be signed by an entity, that you
> trust.
>> fetchmail: Server CommonName mismatch: localhost != mail.mydomain.com
> The certificate was issued for the server: 'localhost', but you're
> connecting to 'mail.mydomain.com'. This could be a man-in-the-middle
> attack.
>> fetchmail: Server certificate verification error: self signed certificate
> The certificate is signed by itself, not by an external entity that you
> trust. You can't be sure you're talking with the correct server.
>> fetchmail: Server certificate verification error: certificate has expired
> Every certificate has a validity (start and end date when the
> certificate is valid). Yours has expired.
>> What do I need to read up on to understand this and find a fix?
> Public key infrastructure (PKI):
> http://www.gtlib.cc.gatech.edu/pub/linux/docs/HOWTO/other-formats/html_single/SSL-Certificates-HOWTO.html
> http://www.carillon.ca/library/howtos.php

I would like to point out that the certificate in question resides on
the server where you are getting ou mail from ... not your machine with
fetch on it, so unless you own the mail server that it is pulling from,
you are not going to fix the certificate.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20071024/2554878c/attachment-0005.sig>