fetchmail gmail setup problem

Henry Yen blinux-mail at AegisInfoSys.com
Mon Feb 7 16:17:16 UTC 2011

Comments in-line.

On Mon, Feb 07, 2011 at 04:52:31AM -0500, Jude DaShiell wrote:
> I fixed the sslcertpath in my .fetchmailrc file.  That made no change in 
> the error I get.


Check that you've got the right certificate from gmail; run this command:

   echo | openssl s_client -connect imap.gmail.com:993

> jude at md:~$ lsc/etc/ssl/certs/
> gmail.crt  google.crt

I'm not sure of the above command you ran.  If it was actually a listing of
that directory ("ls /etc/ssl/certs"), then I think the certificate
conversion step (which may or may not be required) was missing.

The c_rehash command/script (required by openssl) creates symbolic links
in the target directory, of certificates it finds, in .pem format.

Run these two commands (in order) to convert .crt file to .pem file:

   openssl x509 -in gmail.crt -out gmail.der -outform DER
   openssl x509 -in gmail.der -inform DER -out gmail.pem -outform PEM

Also, I noticed that certificate checking requires that "your system clock
be reasonably accurate".

Henry Yen                                       Aegis Information Systems, Inc.
Senior Systems Programmer                       Hicksville, New York

More information about the Blinux-list mailing list