On Sat, Jan 1, 2022 at 2:30 PM Karsten <deb...@decotrain.de> wrote: > But it would be helpful for others what must be done to create and install > this new "client side certificate" that > appears about 2018? I think the certificate issue was there right from the beginning. OpenSSL might not have forced its usage or just ignored it if it wasn't present? But in modern times everyone should be aware of privacy and if s/he really connects to the valid server and not suffering a man in the middle attack. As noted, if you don't care about your own safety, just use fetchmail with --nosslcertck. You should already have your Certificate Authority (CA) key. The missing step documented there: https://www.ssl.com/how-to/export-certificates-private-key-from-pkcs12-file-with-openssl/ and is (where INFILE is your CA key in PKCS #12 format): openssl pkcs12 -in INFILE.p12 -out OUTFILE.crt -nokeys Then feed it to fetchmail with --sslcertfile. But I don't do it often, might be wrong as I don't even know your particular state.
Regards, Laszlo/GCS
