[imapfilter-devel] ATTENTION: SSL/TLS certificate fingerprint mismatch

Mario Aeby spam at eMeidi.com
Wed Jun 8 18:38:25 EEST 2011


Miko,

Thank you for your suggestion.

On 08.06.2011, at 11:00, imapfilter-devel-request at hellug.gr wrote:
> I think you have to accept both of the certificates. So run  
> imapfilter a
> few times in interactive mode, and accept permanently any new
> certificate (could be more than 2 - depends on how many exchange  
> servers
> are load balanced).

When I run imapfilter AFTER accepting the first fingerprint, I  
constantly get the following warning in interactive mode:

- --
Server certificate subject: /1.3.6.1.4.1.311.60.2.1.3=CH/ 
1.3.6.1.4.1.311.60.2.1.2=Bern/businessCategory=Government Entity/ 
serialNumber=1834-03-14/C=CH/ST=Bern/L=Bern/O=Universitaet Bern/ 
OU=Informatikdienste - SYS/CN=mail.campus.unibe.ch
Server certificate issuer: /C=BM/O=QuoVadis Limited/OU=www.quovadisglobal.com/CN=QuoVadis 
  Global SSL ICA
Server key fingerprint: CD:10:34:E9:6D:1D:07:09:3D:9E:53:FC:B5:94:B0:10
ATTENTION: SSL/TLS certificate fingerprint mismatch.
Proceed with the connection (y/n)? y
- --

There is NO option to store the new fingerprint. This option only  
appears when I manually delete ~/.imapfilter/certificates because ...  
well ... you obviuosly only can have one certificate for one server?

WORKAROUND: I renamed certificates to certificates.old, checked the  
server manually, permanently accepted the second certificate and then  
merged both certificate files:

$ cat certificates.old >> certificates

Regards,
Mario


More information about the Imapfilter-devel mailing list