trusting a cert - Leo Butler

Announcements and discussions for Gnus, the GNU Emacs Usenet newsreader
 help / color / mirror / Atom feed

From: Leo Butler <leo.butler81@googlemail.com>
To: info-gnus-english@gnu.org
Subject: trusting a cert
Date: Tue, 06 Jun 2017 11:40:02 -0500	[thread overview]
Message-ID: <861sqxcbod.fsf@x201.butler.org> (raw)

How can I get gnus/gnutls-cli to trust an imap server's cert? Some
recent changes in that pipeline, or debian's list of trusted issuers,
have made one of my imap servers inaccessible from gnus.

Leo

<-----

*** Fatal error: Error in the certificate.
*** handshake has failed: Error in the certificate.
Processed 166 CA certificate(s).
Resolving 'wm.sdf.org:993'...
Connecting to '205.166.94.23:993'...
- Certificate type: X.509
- Got a certificate list of 1 certificates.
- Certificate[0] info:
 - subject `CN=wm.sdf.org', issuer `CN=thawte DV SSL CA - G2,OU=Domain
 Validated SSL,O=thawte\, Inc.,C=US', serial
 0x094088c8022c507f2d425c99095860ab, RSA key 2048 bits, signed using
 RSA-SHA256, activated `2015- 04-19 00:00:00 UTC', expires `2018-05-18
 23:59:59 UTC', key-ID
 `sha256:8f07403975f9ddb4ba778b268462b4dc74e4e3ca87f13c85552f16ab34c3312a'
         Public Key ID:
                         sha1:a2b595a62a8d208240a1fc8adf6027fd625781fa

sha256:8f07403975f9ddb4ba778b268462b4dc74e4e3ca87f13c85552f16ab34c3312a
        Public key's random art:
                        +--[ RSA 2048]----+
                                        | ..              |
                                                        |o.               |
                                                                        |o.
        .         |
                        |. .   . ..       |
                                        |o  . .o S.       |
                                                        |* ...o
        *.        |
                        |+o+o+.o.         |
                                        | oo=+oE          |
                                                        |
        .ooo.          |
                        +-----------------+

- Status: The certificate is NOT trusted. The certificate issuer is
unknown.
*** PKI verification of server certificate failed...

next             reply	other threads:[~2017-06-06 16:40 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-06-06 16:40 Leo Butler [this message]
2017-06-08 21:56 ` Leo Butler

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=861sqxcbod.fsf@x201.butler.org \
    --to=leo.butler81@googlemail.com \
    --cc=info-gnus-english@gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).