Problem:
Using secure connections, fetchmail compares the server key md5-fingerprint with the one given in the configuration file. The connection fails with
fetchmail: $SERVER fingerprints do not match!
fetchmail: SSL connection failed.
Cause:
if those fingerprints do not match.
Solution:
So, what’s the fastest way to get the server’s certificate and fingerprint? Just use
openssl s_client -connect $SERVER:$PORT -showcerts | openssl x509 -fingerprint -noout -md5
replacing $SERVER and $PORT with the appropriate values.
The output might look like this
depth=1 /C=US/O=Equifax Secure Inc./CN=Equifax Secure Global eBusiness CA-1
verify error:num=19:self signed certificate in certificate chain
verify return:0
MD5 Fingerprint=09:0E:5C:1A:DB:0F:5C:81:C0:20:B7:67:C1:CC:DB:B5
Now cut and paste the fingerprint to your fetchmailrc and that's it!
/etc/fetchmailrc or ~/.fetchmailrc
poll ... sslfingerprint '09:0E:5C:1A:DB:0F:5C:81:C0:20:B7:67:C1:CC:DB:B5'
Example ~/.fetchmailrc
# kein syslog, sonst keine ausgaben to stdout #set syslog set postmaster "postmaster" set bouncemail set spambounce set properties "" ############################################# # foo@bar.com (ISP) # ############################################# poll mail.your-isp.com with proto POP3 timeout 60 and options no dns user 'foo@bar.com' there with password 'baz' is 'foo' here options fetchall keep # options fetchall ######################################################################################## ### Add this for fetchmail on mm2 ### ### Why? ### ### Because it uses SSL by default ### ######################################################################################## ### How to get this? ### ### openssl s_client -connect mail.your-isp.de:993 -showcerts | openssl x509 -fingerprint -noout -md5 ### ### ### ### Quelle: ### ### http://www.bstegmaier.de/wiki/index.php/Fetchmail_ssl_fingerprint ### ######################################################################################## sslfingerprint 'AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99'
—
http://www.bstegmaier.de/wiki/index.php/Fetchmail_ssl_fingerprint