IMAP
lehha, 2018-08-04 20:49:48

Cannot verify certificate in CentOS?

Since August 2018, any updated server on CentOS 6.10 or CentOS 7 cannot access sites with certain certificates, because the certificate authority that issued the certificate is not trusted.
For example:

wget https://imap.yandex.ru:993
--2018-08-04 20:30:46--  https://imap.yandex.ru:993/
Resolving imap.yandex.ru... 87.250.251.124, 213.180.204.124, 93.158.134.124, ...
Connecting to imap.yandex.ru|87.250.251.124|:993... connected.
ERROR: cannot verify imap.yandex.ru’s certificate, issued by “/C=RU/O=Yandex LLC/OU=Yandex Certification Authority/CN=Yandex CA”:
  Unable to locally verify the issuer’s authority.
To connect to imap.yandex.ru insecurely, use ‘--no-check-certificate’.

The problem comes from PHP with imap:
imap_open(): Couldn't open stream {imap.yandex.ru:993/imap/ssl}INBOX in file.php on line 31
PHP Notice:  Unknown: Certificate failure for imap.yandex.ru: unable to get local issuer certificate: /C=PL/O=Unizeto Technologies S.A./OU=Certum Certification Authority/CN=Certum Trusted Network CA (errflg=2)

And 99% of other resources work correctly.
Systems updated, ca-certificates.noarch too:
Version     : 2018.2.22
Release     : 65.1.el6
Size        : 2.6 M
Repo        : installed

The effect can be reproduced on a fresh virtual machine with CentOS 6 or CentOS 7 with all updates.
What am I doing wrong?


3 answer(s)
CityCat4, 2018-08-05
@CityCat4

What's unclear? The issuer has even been tracked down already, so the idea was actually correct. Look at the issuer of the certificate, find the issuer's certificate, and place it in the trusted certificate store. This happens, and often: a certificate is issued by a CA whose certificate is not among the trusted ones, even though it is, for example, Comodo. Comodo has many sub-CAs and not all of their certificates are distributed. You need to find the certificate of this sub-CA manually.
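
The steps this answer describes (view the chain, find the untrusted issuer, add it to the trust store), as an added example that is not part of the original thread. The function names and file names are hypothetical; the host and the CentOS paths are the ones from the question and the stock ca-certificates layout.

```bash
#!/usr/bin/env bash
# Added example, not code from the thread. Function and file names are
# hypothetical; nothing here runs until the functions are called.

# Split a saved `openssl s_client -showcerts` capture into one PEM file per
# certificate: cert1.pem is the server certificate, the rest is the chain.
split_chain() {  # usage: split_chain capture.txt outdir
    awk -v d="$2" '/-----BEGIN CERTIFICATE-----/ {n++; p=1}
                   p {print > (d "/cert" n ".pem")}
                   /-----END CERTIFICATE-----/ {p=0}' "$1"
}

# Print subject and issuer of one certificate. The issuer named on the last
# certificate of the chain is the CA the local trust store has to contain.
describe_cert() {  # usage: describe_cert cert.pem
    openssl x509 -in "$1" -noout -subject -issuer
}

# Succeed only if CERT chains to a CA in BUNDLE. Intermediates sent by the
# server can be given as a third argument. The output is parsed, so the
# result does not depend on the exit status of `openssl verify`.
verifies_with() {  # usage: verifies_with bundle.pem cert.pem [intermediates.pem]
    openssl verify -CAfile "$1" ${3:+-untrusted "$3"} "$2" 2>&1 | grep -q ': OK$'
}

# Add a CA certificate as a local trust anchor on CentOS (run as root).
# On CentOS 6 run `update-ca-trust enable` once before the first use.
install_anchor() {  # usage: install_anchor issuer-ca.pem
    cp "$1" /etc/pki/ca-trust/source/anchors/ && update-ca-trust extract
}

# Typical session:
#   mkdir chain
#   openssl s_client -connect imap.yandex.ru:993 -showcerts </dev/null >capture.txt
#   split_chain capture.txt chain
#   for c in chain/cert*.pem; do describe_cert "$c"; done
#   verifies_with /etc/pki/tls/certs/ca-bundle.crt chain/cert1.pem chain/cert2.pem \
#       || echo "issuer not trusted locally"
#   # Download the missing issuer's certificate from the CA's own site, compare
#   # its fingerprint with the one the CA publishes, then:
#   install_anchor issuer-ca.pem
```

Once the issuer is in the store, wget and imap_open() validate the chain normally and certificate checking stays on.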

Serg, 2019-01-29
@serrjio

CityCat4, lehha, the same problem with Yandex came up :( Did you manage to solve the problem somehow? Which certificate is missing?

Dmitry from SportGoroda.ru, 2020-05-27
@Dhanada

If anyone is interested, I found a way to get around this situation. Instead of
imap.yandex.ru:993/imap/ssl
write in imap_open()
imap.yandex.ru:993/imap/ssl/novalidate-cert
