openssl help needed

Sam Hartman hartmans at
Wed Feb 16 13:18:34 UTC 2011

It's not actually typically the case that a X.509 certificate will
include the address of a root certificate or really even the address of
any certificate higher in any certification chain.
You can use
openssl -x509 -out /dev-null -text -in file_containing_certificate
to see what's actually in the certificate
but I suspect you'll be disappointed.

It's also not likely that you need a root certificate . You should be
able to tell fetchmail that the CA certificate for the cite is a trust
anchor and  that it should just chain from there. Roots aren't actually
If fetchmail just uses openssl you may only need to drop the CA
certificate into a directory of certificates and possibly run c_rehash.

More information about the Blinux-list mailing list