[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[msmtp-users] Google Internet Authority ?!



I've been using msmtp as an SMTP client on Win32 boxes to hand-off to Gmail for a while with no problems.

However, odd thing today - haven't used it for a while so doing a fresh setup on a new machine, and getting the following error message when printing server information:

>msmtp -S

msmtp: TLS certificate verification failed: the certificate hasn't got a known issuer

If one interrogates smtp.gmail.com (as per msmtp documentation) it seems that Google are no longer using Thawte; the new certificate issuer is the Google Internet Authority. [Full info at end of mail]

It all seems legit, and the underlying issuer is Equifax/Geotrust. So pick up the new certificate from your cache, or download it here:

Equifax Secure Certificate Authority (this root is included in all browser's root store) 

Amend the tls_trust_file directive in msmtprc.txt and way you go!

Thought this might save someone else a few headaches.

Regards,

JMB

msmtp --serverinfo --host=smtp.gmail.com --tls=on --port= 587 --tls-certcheck=off

SMTP server at smtp.gmail.com (fk-in-f109.1e100.net [209.85.129.109]), port 587: mx.google.com ESMTP h2sm4781504fkh.55
TLS certificate information:
    Owner:
        Common Name: smtp.gmail.com
        Organization: Google Inc
        Locality: Mountain View
        State or Province: California
        Country: US
    Issuer:
        Common Name: Google Internet Authority
        Organization: Google Inc
        Country: US
    Validity:
        Activation time: Thu Apr 22 21:02:45 2010
        Expiration time: Fri Apr 22 21:12:45 2011
    Fingerprints:
        SHA1: 1A:6F:48:8F:BE:5B:FD:92:D8:12:30:F9:22:CE:84:49:B3:43:BD:2C
        MD5:  60:39:DE:FB:0A:D9:9E:43:26:E7:75:AC:60:48:A1:B0
Capabilities:
    SIZE 35651584:
        Maximum message size is 35651584 bytes = 34.00 MiB
    STARTTLS:
        Support for TLS encryption via the STARTTLS command
    AUTH:
        Supported authentication methods:
        PLAIN LOGIN