Hello Matthias, Am 01.01.22 um 14:10 schrieb Matthias Andree: > Notice something?
i notice everything. :-) > > You hijack somebody else's domain for "anonymization" purposes and > expect someone to help you, and you did not respond to hints the server > CA's signing certificate might be missing from the trust store. I am the owner of the domain so nobody is hijacked! A self signing certificate is absolutely sufficient and perfect for private use. Why everybody has to be forced to use official certificates? > Checking with another computer that has a proper installation is > impossible if you fake data. Sorry for that, but we are talking about private data and this is an official portal here. > Be sure to install and configure the ca-certificates package - in case > you had installed fetchmail with --no-install-recommends. The server has been upgraded from Debian 9 to Debian 11. So nothing has been manually installed or configured, espacially any ca-certificates package. The same TLS1.2 as before shall be used, so it is not understandable why addtional things are mandantory now? Why old certificates cannot be used any more when the client that uses a server is upgraded? >> In the Internet are a mass of similar problems with fetchmail, but no >> description what exactly must be done to solve it. > > Because "similar problems" are usually a broken setup of either > server-side certificates that don't trace back to commonly used and > trusted stores (Mozilla's trusted CA package, mostly), or local broken > setups. This "stores" are a big problem of public monitoring, because every certificate causes requests to this central "stores". Another problem is to work with certificates and networks, that have no internet connection. > HTH - else you need to provide original data and more information. I can send this private to your email address. But it would be helpful for others what must be done to create and install this new "client side certificate" that appears about 2018? Best regards karsten
