Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
L
L
lehha2018-08-04 20:49:48
IMAP
lehha, 2018-08-04 20:49:48

Cannot verify certificate in Centos?

Since August 2018, any upgraded server on Centos 6.10 or Centos 7 cannot access sites with some certificates, because there is no trust in the certificate authority that issued the certificate.
For example:

wget https://imap.yandex.ru:993
--2018-08-04 20:30:46--  https://imap.yandex.ru:993/
Resolving imap.yandex.ru... 87.250.251.124, 213.180.204.124, 93.158.134.124, ...
Connecting to imap.yandex.ru|87.250.251.124|:993... connected.
ERROR: cannot verify imap.yandex.ru’s certificate, issued by “/C=RU/O=Yandex LLC/OU=Yandex Certification Authority/CN=Yandex CA”:
  Unable to locally verify the issuer’s authority.
To connect to imap.yandex.ru insecurely, use ‘--no-check-certificate’.

Legs grow from php c imap:
imap_open(): Couldn't open stream {imap.yandex.ru:993/imap/ssl}INBOX in file.php on line 31
PHP Notice:  Unknown: Certificate failure for imap.yandex.ru: unable to get local issuer certificate: /C=PL/O=Unizeto Technologies S.A./OU=Certum Certification Authority/CN=Certum Trusted Network CA (errflg=2)

And 99% of other resources work correctly.
Systems updated, ca-certificates.noarch too:
Version     : 2018.2.22
Release     : 65.1.el6
Size        : 2.6 M
Repo        : installed

The effect can be repeated on a fresh virtual machine with Centos 6 or Centos 7 with all updates.
CHADNT?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

3 answer(s)
Report
C
CityCat4, 2018-08-05
@CityCat4

What's incomprehensible? Even the publisher has already been traced, the idea was actually correct. View the issuer of the certificate, find the issuer's certificate, and place it in the trusted certificate store. This happens, and often - a certificate is issued at a CA, the certificate of which is not in the trusted ones, despite the fact that it is, for example, Komodo. Komodo has many subCAs and not all of their certificates are distributed. You need to manually find the certificate of this subCA /

Report
S
Serg, 2019-01-29
@serrjio

CityCat4 , lehha , the same problem with Yandex arose :( Did you manage to solve the problem somehow? Which certificate is missing?

Report
D
Dmitry from SportGoroda.ru, 2020-05-27
@Dhanada

If anyone is interested, I found a way to get around this situation. Instead
imap.yandex.ru:993/imap/ssl
of writing in imap_open()
imap.yandex.ru:993/imap/ssl/novalidate-cert

Similar questions
V
Vechkov Alexander2021-12-03 17:35:41
How to set up IMAP in Plesk? 0Reply
A
Alexandepz2018-11-14 12:54:36
How to determine the cause of Thunderbird slowdowns when working with IMAP mailboxes? 2Reply
I
ivprokofyev2020-10-15 10:45:20
Why doesn't INBOX reading via IMAP4_SSL work on the server? 1Reply
B
br1an2019-01-23 09:17:21
How to synchronize mail on three PCs connected via POP3? 2Reply
E
Evgeny Milushkin2016-08-26 16:00:50
Yii2, how, using SMTP and IMAP, to put a copy of the letter in sent? 0Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question