Volatile certificates?

Volker Wysk post at volker-wysk.de
Sat Aug 27 11:12:37 UTC 2016


Hi

I've configured fetchmail to fetch my mail from four mail servers, amongst them 
web.de and gmail.com. I'm using SSL to secure the connection.

This means, that the two certificates of the mentioned mail servers must be 
checked. I lack the necessary root and intermediate certificates, for testing 
the certfificate chain. So I must trust the two presented certificates, once. I 
added the fingerprints of the certificates in my fetchmairc file, using the 
directive "sslfingerprint".

That worked fine, for a few days. But now, the certificates of the two mentioned 
mail server don't match any longer, meaning that a new certificate is presented 
by both servers.

This could mean that a man-in-the-middle attack is taking place. What should I 
do now? Should I simply trust the two new certificates? Is it usual for 
certificates to change a lot?

Bye
Volker Wysk





More information about the ubuntu-users mailing list