Volatile certificates?
Volker Wysk
post at volker-wysk.de
Sat Aug 27 11:12:37 UTC 2016
Hi
I've configured fetchmail to fetch my mail from four mail servers, amongst them
web.de and gmail.com. I'm using SSL to secure the connection.
This means, that the two certificates of the mentioned mail servers must be
checked. I lack the necessary root and intermediate certificates, for testing
the certfificate chain. So I must trust the two presented certificates, once. I
added the fingerprints of the certificates in my fetchmairc file, using the
directive "sslfingerprint".
That worked fine, for a few days. But now, the certificates of the two mentioned
mail server don't match any longer, meaning that a new certificate is presented
by both servers.
This could mean that a man-in-the-middle attack is taking place. What should I
do now? Should I simply trust the two new certificates? Is it usual for
certificates to change a lot?
Bye
Volker Wysk
More information about the ubuntu-users
mailing list