On Sat, 3 Jul 2010 23:36:58 +0200 (CEST), Marco Beishuizen <mb...@xs4all.nl> wrote: > Hi, > > I'm seeing in my logfiles a lot of messages like these from fetchmail: > > Jul 3 22:02:54 yokozuna fetchmail[1437]: Server certificate > verification error: self signed certificate in certificate chain > Jul 3 22:02:54 yokozuna fetchmail[1437]: This means that the root > signing certificate (issued for /C=SE/O=AddTrust AB/OU=AddTrust External > TTP Network/CN=AddTrust External CA Root) is not in the trusted CA > certificate locations, or that c_rehash needs to be run on the > certificate directory. For details, please see the documentation of > sslcertpath and sslcertfile in the manual page. > > Does anyone know what these messages mean and if they are harmless or > not?
This means that the certificate of CN="AddTrust External CA Root" is signed by itself. It's a common thing when the administrator of the respective SSL-enabled host has not bought a certificate from one of the global CA authorities, but has signed the certificate with itself to avoid the costs & process associated with maintaining a "normal" certificate. If you know that the respective domain is indeed set up this way, the warning is harmless. _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
