Bonjour,
souvent mais pas toujours (pas de stats) :
fetchmail: Server certificate verification error: unable to get local issuer certificate
fetchmail: Broken certification chain at: /C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA
fetchmail: This could mean that the server did not provide the intermediate CA's certificate(s), which is nothing fetchmail could do anything about. For details, please see the README.SSL-SERVER document that ships with fetchmail.
fetchmail: This could mean that the root CA's signing certificate is not in the trusted CA certificate location, or that c_rehash needs to be run on the certificate directory. For details, please see the documentation of --sslcertpath and --sslcertfile in the manual page.
fetchmail: OpenSSL reported: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
fetchmail: SSL connection failed.
fetchmail: socket error while fetching from jacques.lavignotte@pop.orange.fr
fetchmail: Query status=2 (SOCKET)
L'Agrume...
Le 21/05/2018 à 14:33, Jacques a écrit :
Bonjour,
souvent mais pas toujours (pas de stats) :
fetchmail: Server certificate verification error: unable to get local issuer certificate
fetchmail: Broken certification chain at: /C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA
fetchmail: This could mean that the server did not provide the intermediate CA's certificate(s), which is nothing fetchmail could do anything about. For details, please see the README.SSL-SERVER document that ships with fetchmail.
fetchmail: This could mean that the root CA's signing certificate is not in the trusted CA certificate location, or that c_rehash needs to be run on the certificate directory. For details, please see the documentation of --sslcertpath and --sslcertfile in the manual page.
fetchmail: OpenSSL reported: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
fetchmail: SSL connection failed.
fetchmail: socket error while fetching from jacques.lavignotte@pop.orange.fr
fetchmail: Query status=2 (SOCKET)
L'Agrume...
Je confirme c'est le serveur 80.12.24.209 qui a un souci de certificats (les autres serveurs sont OK):
jacques:~$ openssl s_client -connect 80.12.24.209:995 CONNECTED(00000003) depth=0 C = FR, L = Paris, O = Orange, OU = Orange France, CN = pop.orange.fr verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 C = FR, L = Paris, O = Orange, OU = Orange France, CN = pop.orange.fr verify error:num=21:unable to verify the first certificate verify return:1 --- Certificate chain 0 s:/C=FR/L=Paris/O=Orange/OU=Orange France/CN=pop.orange.fr i:/C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA
-
Jacques -
Jacques