I would like to use offlineimap as a backup for my emails. How do I obtain the certificate of the email server?
Moreover, what do I have to do if I need the whole certificate chain? I suspect the server cert is sign by a third party authority.
Asked
Active
Viewed 191 times
1 Answers
2
How do I obtain the certificate of the email server?
In most cases you do not need the server's certificate (if it's properly signed by a CA), but it can always be obtained from the server itself using a regular TLS client, such as:
With GnuTLS tools:
gnutls-cli <host> -p <port> --print-certWith OpenSSL tools:
openssl s_client -connect <host:port> -servername <host> -showcerts
Moreover, what do I have to do if I need the whole certificate chain? I suspect the server cert is sign by a third party authority.
Properly configured TLS servers will send you the entire chain (except for the root), so you can obtain it in the same way as the server's certificate (above), but you should not need anything other than the root certificate for successful verification as OfflineIMAP will receive the rest of the chain in the same way.
If the server certificate is signed by one of the "standard" WebPKI CAs, just let OfflineIMAP use the system's root CA database, usually found at /etc/ssl/certs/ca-certificates.crt on Debian/Ubuntu or /etc/pki/tls/cert.pem on RHEL.
grawity
- 501,077