Suppressing warning messages for the server certificate checks in Fetchmail

Problem:

Every time Fetchmail is run, it adds warning messages concerning individual SSL certificates to the mail.log file, e.g.:

fetchmail: Server certificate validation error: unable to get local issuer certificate
fetchmail: Server certificate validation error: certificate not trusted
fetchmail: Server certificate validation error: unable to verify the first certificate
fetchmail: Server certificate validation error: self signed certificate
fetchmail: Server certificate validation error: certificate has expired

Solution:

The fingerprints of the certificates can be entered in the /etc/fetchmailrc file to mark them as accepted for Fetchmail:

  • Stop the fetchmail daemon:
    /etc/init.d/fetchmail stop
  • Start Fetchmail on the console:
    fetchmail -v -f /etc/fetchmailrc

    Once this command has been run, Fetchmail should output the fingerprints for the received certificates, e.g.:

    fetchmail: mail.server.de key fingerprint: 1A:56:E3:A3:DE:D1:F9:17:40:81:DD:77:71:E9:AF:2C

    These certificates failed validation, so check each fingerprint against a value obtained from the mail server's operator over a separate channel before accepting it.
  • The specified fingerprints can now be added to the /etc/fetchmailrc file, e.g.:
    user 'benutzer@server.de' there with password 'passwort' is benutzer@domain.ucs here options ssl sslfingerprint "1A:56:E3:A3:DE:D1:F9:17:40:81:DD:77:71:E9:AF:2C"

The sslfingerprint option must be set for every user entry in the /etc/fetchmailrc file that uses the ssl option. When the fetchmail daemon is then restarted, the SSL warning messages no longer appear.
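To check that no user entry was missed, the following added example (not part of the original article or of Fetchmail) lists every user clause that has ssl but no sslfingerprint. The function name, the sample configuration and its host names are constructed for illustration, and the parser assumes options are written as bare keywords after each user keyword.

```python
import shlex

SERVER_KEYWORDS = {"poll", "server", "skip", "defaults"}
USER_KEYWORDS = {"user", "username"}

# Constructed sample configuration, not taken from a real system.
SAMPLE_RC = """\
poll mail.example.org protocol pop3
  user 'alice@example.org' there with password 'secret' is alice here
    options ssl sslfingerprint "00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF"
  user 'bob@example.org' there with password 'secret' is bob here options ssl
poll mail2.example.org
  user 'carol@example.org' there with password 'ssl' is carol here
"""


def users_missing_fingerprint(rc_text):
    """Return (server, user) pairs whose clause has ssl but no sslfingerprint."""
    # Non-POSIX mode keeps the quote characters on quoted tokens, so a quoted
    # password that happens to read 'ssl' is never mistaken for the option.
    tokens = shlex.split(rc_text, comments=True, posix=False)
    findings, server, clause = [], None, None

    def flush():
        # Record the clause just finished if it uses ssl without a pin.
        if clause and clause["ssl"] and not clause["sslfingerprint"]:
            findings.append((clause["server"], clause["user"]))

    i = 0
    while i < len(tokens):
        tok = tokens[i]
        nxt = tokens[i + 1].strip("'\"") if i + 1 < len(tokens) else None
        if tok in SERVER_KEYWORDS:      # new server entry ends the user clause
            flush()
            clause = None
            server = None if tok == "defaults" else nxt
            i += 1 if tok == "defaults" else 2
        elif tok in USER_KEYWORDS:      # new user clause on the current server
            flush()
            clause = {"server": server, "user": nxt,
                      "ssl": False, "sslfingerprint": False}
            i += 2
        else:
            if clause is not None and tok in ("ssl", "sslfingerprint"):
                clause[tok] = True
            i += 1
    flush()
    return findings


if __name__ == "__main__":
    print(users_missing_fingerprint(SAMPLE_RC))
```

An ssl option inherited from a defaults section is not detected by this check.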
