Fetchmail and SSL certificates

I have to search for this periodically being sites like to change their SSL certificates every once and a while. So here’s another place to look for it!

If you don’t know what Fetchmail is its a little program (maybe its gigatic, I don’t know) that fetches email for you from many different email servers. This allows me to have one place where I store all my email across all my email addresses and then I can use an IMAP email server to view it all in one place. Very nice if you’ve many different email address.

In order to do this magic you have to tell fetchmail how to login to your email accounts and its always better to do this securely over SSL. To do it over SSL you have to tell fetchmail the site’s SSL certificiate (or you could weaken fetchmail to not care to validate the certificate but that seems silly). And to do that you have to tell it in hex or other computer sprach.

So first you need to get the SSL certificate in computer sprach:

openssl s_client -connect pop3.live.com:995 -showcerts | openssl x509 -fingerprint -noout -md5

Running this will get you the certificate computer sprach entry itself that’ll look something like this:

91:63:CF:6F:DF:03:3C:B9:3E:19:B3:1C:FF:EB:3C:25

Second you need to tell fecthmail to use this id when it connects to the server in the fetchmailrc file:

poll pop3.live.com uidl protocol POP3 user “xxxyyy@live.com” there with password “ohSuchASecurePassword!@#$” is xxxx@tttt here ssl sslfingerprint ‘91:63:CF:6F:DF:03:3C:B9:3E:19:B3:1C:FF:EB:3C:25

There you have it! That’s almost a good memorable, secure password I just made up there.

Leave a Reply

Your email address will not be published. Required fields are marked *