openssl help needed

Jude DaShiell jdashiel at
Thu Feb 17 01:13:24 UTC 2011

Well, here's what happened with gmail.  There's the presented certificate 
which chains to an Equifax certificate and if fetchmail couldn't find both 
intact it wouldn't download any email from gmail.  I'll try and get the 
Microsoft certificate saved and see what happens from there.  I do know 
that the netscape ca-bundle makes no reference to Microsoft in its text at 
all, checked it out with grep this morning. On Wed, 16 Feb 2011, Sam 
Hartman wrote:

> It's not actually typically the case that a X.509 certificate will
> include the address of a root certificate or really even the address of
> any certificate higher in any certification chain.
> You can use
> openssl -x509 -out /dev-null -text -in file_containing_certificate
> to see what's actually in the certificate
> but I suspect you'll be disappointed.
> It's also not likely that you need a root certificate . You should be
> able to tell fetchmail that the CA certificate for the cite is a trust
> anchor and  that it should just chain from there. Roots aren't actually
> special.
> If fetchmail just uses openssl you may only need to drop the CA
> certificate into a directory of certificates and possibly run c_rehash.
> _______________________________________________
> Blinux-list mailing list
> Blinux-list at

More information about the Blinux-list mailing list