openssl help needed
jdashiel at shellworld.net
Thu Feb 17 01:13:24 UTC 2011
Well, here's what happened with gmail. There's the presented certificate
which chains to an Equifax certificate and if fetchmail couldn't find both
intact it wouldn't download any email from gmail. I'll try and get the
Microsoft certificate saved and see what happens from there. I do know
that the netscape ca-bundle makes no reference to Microsoft in its text at
all, checked it out with grep this morning. On Wed, 16 Feb 2011, Sam
> It's not actually typically the case that a X.509 certificate will
> include the address of a root certificate or really even the address of
> any certificate higher in any certification chain.
> You can use
> openssl -x509 -out /dev-null -text -in file_containing_certificate
> to see what's actually in the certificate
> but I suspect you'll be disappointed.
> It's also not likely that you need a root certificate . You should be
> able to tell fetchmail that the CA certificate for the cite is a trust
> anchor and that it should just chain from there. Roots aren't actually
> If fetchmail just uses openssl you may only need to drop the CA
> certificate into a directory of certificates and possibly run c_rehash.
> Blinux-list mailing list
> Blinux-list at redhat.com
More information about the Blinux-list