Forums
New posts
Articles
Product Reviews
Policies
FAQ
Log in
Register
What's new
Search
Search
Search titles only
By:
New posts
Menu
Log in
Register
Install the app
Install
Forums
Apple Computing Products:
macOS - Operating System
Fetchmail :: unable to get local issuer certificate
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Reply to thread
Message
<blockquote data-quote="timinak" data-source="post: 1311498" data-attributes="member: 214908"><p>FYI: Linux user, setting up on Mac Lion (Darwin Kernel Version</p><p>11.2.0). Comfortable with command line, but not a virtuoso, new to</p><p>Mac.</p><p></p><p>When attempting to fetch mail for pop.gmail.com the following error</p><p>messages are generated :</p><p>[code]</p><p>fetchmail: Server certificate verification error: unable to get local issuer</p><p>certificate fetchmail: This means that the root signing certificate (issued for</p><p>/C=US/O=Google Inc/CN=Google Internet Authority) is not in the trusted CA</p><p>certificate locations, or that c_rehash needs to be run on the certificate</p><p>directory. For details, please see the documentation of --sslcertpath and</p><p>--sslcertfile in the manual page. fetchmail: Certificate/fingerprint</p><p>verification was somehow skipped! fetchmail: SSL connection failed.</p><p>fetchmail: socket error while fetching from tim042849@pop.gmail.com fetchmail:</p><p>6.3.18 querying pop.gmail.com (protocol POP3) at Sun, 16 Oct 2011 10:20:39</p><p>-0800 (AKDT): poll completed fetchmail: Query status=2 (SOCKET)</p><p>[/code]</p><p>cert files are in /Users/tim/.certs</p><p>Two files were created from</p><p>openssl s_client -connect pop.gmail.com:995 -showcerts</p><p>1)gmail.pem = google cert</p><p>2)equifax.pem = equifax cert</p><p>c_rehash was run after certificates were installed.</p><p>permissions :</p><p> cert files are 644 tim:staff</p><p> cert directory is 755</p><p>Polling code in .fetchmailrc is</p><p>[code]</p><p>poll pop.gmail.com with proto POP3 user '*********' there with</p><p>password '******' is 'tim' here mda "/usr/bin/procmail" options ssl</p><p>sslcertck sslcertpath /Users/tim/.certs</p><p>[/code]</p><p>Entry from fetchmail -V :</p><p>[code]</p><p>Options for retrieving from *********@pop.gmail.com:</p><p> True name of server is pop.gmail.com.</p><p> Protocol is POP3.</p><p> All available authentication methods will be tried.</p><p> SSL encrypted sessions enabled.</p><p> SSL server certificate checking enabled.</p><p> SSL trusted certificate directory: /Users/tim/.certs</p><p> Server nonresponse timeout is 300 seconds (default).</p><p> Default mailbox selected.</p><p> Only new messages will be retrieved (--all off).</p><p> Fetched messages will not be kept on the server (--keep off).</p><p> Old messages will not be flushed before message retrieval (--flush off).</p><p> Oversized messages will not be flushed before message retrieval (--limitflush off).</p><p> Rewrite of server-local addresses is enabled (--norewrite off).</p><p> Carriage-return stripping is enabled (stripcr on).</p><p> Carriage-return forcing is disabled (forcecr off).</p><p> Interpretation of Content-Transfer-Encoding is enabled (pass8bits off).</p><p> MIME decoding is disabled (mimedecode off).</p><p> Idle after poll is disabled (idle off).</p><p> Nonempty Status lines will be kept (dropstatus off)</p><p> Delivered-To lines will be kept (dropdelivered off)</p><p> Fetch message size limit is 100 (--fetchsizelimit 100).</p><p> Do binary search of UIDs during 3 out of 4 polls (--fastuidl 4).</p><p> Messages will be delivered with "/usr/bin/procmail".</p><p> Single-drop mode: 1 local name recognized.</p><p> No UIDs saved from this host.</p><p>[/code]</p><p></p><p>I'm not new to fetchmail, but I haven't done any config in years.</p><p>Please advise</p><p>thanks</p></blockquote><p></p>
[QUOTE="timinak, post: 1311498, member: 214908"] FYI: Linux user, setting up on Mac Lion (Darwin Kernel Version 11.2.0). Comfortable with command line, but not a virtuoso, new to Mac. When attempting to fetch mail for pop.gmail.com the following error messages are generated : [code] fetchmail: Server certificate verification error: unable to get local issuer certificate fetchmail: This means that the root signing certificate (issued for /C=US/O=Google Inc/CN=Google Internet Authority) is not in the trusted CA certificate locations, or that c_rehash needs to be run on the certificate directory. For details, please see the documentation of --sslcertpath and --sslcertfile in the manual page. fetchmail: Certificate/fingerprint verification was somehow skipped! fetchmail: SSL connection failed. fetchmail: socket error while fetching from tim042849@pop.gmail.com fetchmail: 6.3.18 querying pop.gmail.com (protocol POP3) at Sun, 16 Oct 2011 10:20:39 -0800 (AKDT): poll completed fetchmail: Query status=2 (SOCKET) [/code] cert files are in /Users/tim/.certs Two files were created from openssl s_client -connect pop.gmail.com:995 -showcerts 1)gmail.pem = google cert 2)equifax.pem = equifax cert c_rehash was run after certificates were installed. permissions : cert files are 644 tim:staff cert directory is 755 Polling code in .fetchmailrc is [code] poll pop.gmail.com with proto POP3 user '*********' there with password '******' is 'tim' here mda "/usr/bin/procmail" options ssl sslcertck sslcertpath /Users/tim/.certs [/code] Entry from fetchmail -V : [code] Options for retrieving from *********@pop.gmail.com: True name of server is pop.gmail.com. Protocol is POP3. All available authentication methods will be tried. SSL encrypted sessions enabled. SSL server certificate checking enabled. SSL trusted certificate directory: /Users/tim/.certs Server nonresponse timeout is 300 seconds (default). Default mailbox selected. Only new messages will be retrieved (--all off). Fetched messages will not be kept on the server (--keep off). Old messages will not be flushed before message retrieval (--flush off). Oversized messages will not be flushed before message retrieval (--limitflush off). Rewrite of server-local addresses is enabled (--norewrite off). Carriage-return stripping is enabled (stripcr on). Carriage-return forcing is disabled (forcecr off). Interpretation of Content-Transfer-Encoding is enabled (pass8bits off). MIME decoding is disabled (mimedecode off). Idle after poll is disabled (idle off). Nonempty Status lines will be kept (dropstatus off) Delivered-To lines will be kept (dropdelivered off) Fetch message size limit is 100 (--fetchsizelimit 100). Do binary search of UIDs during 3 out of 4 polls (--fastuidl 4). Messages will be delivered with "/usr/bin/procmail". Single-drop mode: 1 local name recognized. No UIDs saved from this host. [/code] I'm not new to fetchmail, but I haven't done any config in years. Please advise thanks [/QUOTE]
Verification
Post reply
Forums
Apple Computing Products:
macOS - Operating System
Fetchmail :: unable to get local issuer certificate
Top