Aller au contenu
Infogérance Linux Debian en France

Infogérance Linux Debian en France

Kogitae : Ingéniérie de l'hébergement Internet

  • Accueil
  • Parcours
  • Presse
  • Portfolio
  • Blog

SSL fingerprints mailserver : SMG’s Weblog

  • Accueil » Blog » SSL fingerprints mailserver : SMG’s Weblog
DansLinux

SSL fingerprints mailserver : SMG’s Weblog

SSL fingerprints mailserver

I use fetchmail to pull down my mail from the mailserver, just now the ssl fingerprints changed

leading to an error like:

fetchmail: <mailserver> fingerprints do not match!

12096:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:../../../../common/openssl/ssl/s3_clnt.c:894:

fetchmail: SSL connection failed.

fetchmail: socket error while fetching from <userid>@<mailserver>

fetchmail: Query status=2 (SOCKET)

So to get the new fingerprint, firstly get the changed ssl cert:

openssl s_client -connect <mailserver>:<port> -showcerts

and copy say the first cert to a file <mailserver>.pem. Now generate

the SSL fingerprint of this pem file:

openssl x509 -fingerprint -md5 -noout -in <mailserver>.pem

MD5 Fingerprint=XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX

and put it in the .fetchmailrc file:

poll <mailserver> protocol imap port <port>

username <userid>

ssl sslfingerprint XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX

sslcertpath /path/to/certs

Whew, nice and quick, thanks to google 🙂

viaSSL fingerprints mailserver : SMG’s Weblog.

exemple-fetchmailrc-imap-centos fetchmail fetchmail-error-14090086-ssl-routinesssl3_get_server_certificate-dovecot fetchmail-fingerprint fetchmail-fingerprints fetchmail-ssl-fingerprint fingerprints-do-not-match-fetchmail-sslfingerprint get-ssl-fingerprint imaps-fingerprint linux linux-get-ssl-certificate-fingerprint-from-imaps-server linux-get-ssl-fingerprint-from-mail-server mail-mailserver-ru-locfr mail-ru-sslfingerprint openssh-fingerprint optimiser-fetchmail ssl ssl-fingerprint version-imaps

Étiquettes

administrateur-systeme-freelance (9) amazon (3) apache (14) asterisk (9) auth (3) bash (6) blog-administrateur-systeme (14) blog-administration-systeme (4) collectd (5) cpu (3) debian (30) dovecot (4) duplicate (3) f (6) freelance-asterisk (3) google (3) infogerance-linux (5) infogérance (4) ipv6 (7) kernel (4) kogitae (30) kogitae-com (3) kogitae-fr (6) lamp-or-linux-or-developpement-web-and-apache-or-php-or-mysql-or-adobe-or-eclipse-or-zend-or-mozilla-or-firefox (17) lenny (4) lighttpd (5) limit (4) linux (26) mail (7) mdadm (6) mysql (14) openvz (9) optimiser (4) php (5) postfix (11) privvmpages-openvz (3) pxe (3) raid (3) SEO (5) ssh (8) ssl (3) test (3) voip (4) wordpress (6) www-kogitae-fr (7)