[Eisfair] Fetchmail mit SSL

Carsten Lippert carsten at falconcrest-lippert.de
Mo Jul 24 20:41:34 CEST 2017


Hallo Marcus,

Am 24.07.2017 um 19:27 schrieb Marcus Roeckrath:
> Hallo Carsten,
> 
> Marcus Roeckrath wrote:
> 
>>>       +-> Error: file '/usr/local/ssl/certs/415660c1.0' missing!
>>
>> Die Kette ist unvollständig.
>>
>> Lies https://ssl.nettworks.org/wiki/pages/viewpage.action?pageId=19824666,
>> um das gesuchte Zertifikat im Netz zu finden.
>>
>>> 415660c1.0 kann ich tatsaechlich nicht finden.
>>
>> Das ist der Hash-Link des gesuchten Zertifikates, darunter wirst Du es im
>> Netz nicht finden; nimm den angegebenen Wikieintrag.
> 
> Könnte auf dieser Seite zu finden sein:
> 
> https://www.symantec.com/page.jsp%3Fid%3Droots
> 
> und zwar möglicherweise diexses hier: VeriSign Class 3 Public PCA - G1.5


Hier die Lösung, es fehlte VeriSign_Class_3_Public_Primary_CA.pem.

Das ist aber auch wirklich tricky.


--------------------------------------------------------------------------
Show certificate chain (run as 'root')
*
| certificate : pop.mail.yahoo.com.pem (6b393e71)
| subject     : /C=US/ST=California/L=Sunnyvale/O=Yahoo
Inc./OU=Information Technology/CN=legacy.pop.mail.yahoo.com
| issuer      : /C=US/O=Symantec Corporation/OU=Symantec Trust
Network/CN=Symantec Class 3 Secure Server CA - G4
| MD5 f-print : 5D:46:DA:B8:25:53:76:55:93:40:EF:7F:2F:0E:3E:ED
| SHA1 f-print: 7A:87:0B:69:58:8C:9F:C1:D7:1A:D7:60:4D:3D:19:6B:7E:7B:5E:F7
|
+->| certificate : Symantec_Class_3_Secure_Server_CA_-_G4.pem (7d9c641e)
   | subject     : /C=US/O=Symantec Corporation/OU=Symantec Trust
Network/CN=Symantec Class 3 Secure Server CA - G4
   | issuer      : /C=US/O=VeriSign, Inc./OU=VeriSign Trust
Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign
Class 3 Public Primary Certification Authority - G5
   | MD5 f-print : 23:D5:85:8E:BC:89:86:10:7C:B7:AC:1E:17:F7:26:C5
   | SHA1 f-print:
FF:67:36:7C:5C:D4:DE:4A:E1:8B:CC:E1:D7:0F:DA:BD:7C:86:61:35
   |
   +->| certificate :
verisign_class_3_public_primary_certification_authority_-_g5.pem (b204d74a)
      | subject     : /C=US/O=VeriSign, Inc./OU=VeriSign Trust
Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign
Class 3 Public Primary Certification Authority - G5
      | issuer      : /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary
Certification Authority
      | MD5 f-print : F9:1F:FE:E6:A3:6B:99:88:41:D4:67:DD:E5:F8:97:7A
      | SHA1 f-print:
32:F3:08:82:62:2B:87:CF:88:56:C6:3D:B8:73:DF:08:53:B4:DD:27
      |
      +->| certificate : VeriSign_Class_3_Public_Primary_CA.pem (415660c1)
         | subject     : /C=US/O=VeriSign, Inc./OU=Class 3 Public
Primary Certification Authority
         | issuer      : /C=US/O=VeriSign, Inc./OU=Class 3 Public
Primary Certification Authority
         | MD5 f-print : EF:5A:F1:33:EF:F1:CD:BB:51:02:EE:12:14:4B:96:C4
         | SHA1 f-print:
A1:DB:63:93:91:6F:17:E4:18:55:09:40:04:15:C7:02:40:B0:AE:6B
         |
         +-> end of chain!

checking certificate chain: pop.mail.yahoo.com.pem: C = US, ST =
California, L = Sunnyvale, O = Yahoo Inc., OU = Information Technology,
CN = legacy.pop.mail.yahoo.com
error 3 at 0 depth lookup:unable to get certificate CRL
-------------------------------------------------------------------------

Danke fuer die wertvollen Informationen.

-- 
MfG. Carsten


Mehr Informationen über die Mailingliste Eisfair