Getting mail server certificate fingerprint for use in offlineimap with openssl

Happy new year 2020! We now officially live in the future!
Make it a good one!

And yeah, it’s been a long time since my last post. Lot of stuff happened that I might one day write down here. But for now I’m happy to be writing again and I hope to write more on a regular base. Not just coding related stuff, but let’s see…

Now back to topic:

I now switched back to using offlineimap for all my mail accounts with mu4e.

For configuring ssl with servers you need to have their cert fingerprint. For e.g. my icloud this looks something like this:

[Repository me-remote]
type = IMAP
remotehost =
remoteuser = ...
remotepasseval = get_keychain_pass(account="", server="")
realdelete = no
maxconnections = 1
ssl = yes
cert_fingerprint = ?
sslcacertfile = /usr/local/etc/openssl/cert.pem

But how do I find out the cert fingerprint ?

Well we can here use openssl for the rescue.
First find out the server domain and the port for you mail.
For e.g. my iCloud Account, accoding to this looks like.

IMAP-Informationen für den Posteingangsserver

  • Servername:
  • SSL erforderlich: Ja
  • Port: 993

So we can query openssl with this command:

SSL_CERT_DIR="" openssl s_client -connect < /dev/null 2>/dev/null | openssl x509 -fingerprint -noout -text -in /dev/stdin

The output can be quite long for some pages but we are only intereseted in the first lines which look like.

SHA1 Fingerprint=E1:A5:F9:D2:2A:81:09:79:CA:CD:FC:0B:41:51:F5:61:E8:D0:29:76
Version: 3 (0x2)
Serial Number:
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN = Apple IST CA 2 - G1, OU = Certification Authority, O = Apple Inc., C = US

Now replace all colon in the fingerprint and add it to the offlineimaprc file.


After creating an app specific password within my apple account, I can use offlineimap with it.

Read-only phar archives

When you’re building a `.phar` archive and you receive this error:
PHP Fatal error: Uncaught exception 'UnexpectedValueException' with message 'Cannot write out phar archive, phar is read-only' in ..../bin/build:19
you need to set phar.readonly to Off in your php.ini file.

phar.readonly = Off

This is what the php docs say about it:

This option disables creation or modification of Phar archives using the phar stream or Phar object’s write support. This setting should always be enabled on production machines, as the phar extension’s convenient write support could allow straightforward creation of a php-based virus when coupled with other common security vulnerabilities.


This setting can only be unset in php.ini due to security reasons. If phar.readonly is disabled in php.ini, the user may enable phar.readonly in a script or disable it later. If phar.readonly is enabled in php.ini, a script may harmlessly “re-enable” the INI variable, but may not disable it.

Setup wlan with CentOS 7 on a Banana Pi using a TP-Link USB adapter

There is a Banana Pi 1st generation, that was sitting in my drawer for too long. So I decided to bring it back to life with CentOS to which I’m a newbie. My first target is to use a TL-WN725N Nano-USB Wlan Device to connect to my local network. This guarantees fun and learning, so here we go 🙂

If you need a faster network connection, consider switching to a SD-WAN.

First I downloaded the CentOS BananaPi Image. I used the link provided in their announce last december and grabbed


Then used `dd` to load it on a SD card, put it in the banana and boot that nifty little box.

The first login had to be done with credentials user:’root’ and password:’centos’.
Then install the ‘usbutils’ package to get the ‘lsusb’ command.

%sudo lsusb
Bus 001 Device 002: ID 0bda:8179 Realtek Semiconductor Corp. RTL8188EUS 802.11n Wireless Network Adapter

Continue reading “Setup wlan with CentOS 7 on a Banana Pi using a TP-Link USB adapter”

tails of fortune 1 (aka tof1)

Avoid the Gates of Hell. Use Linux.
– unknown source

When your write scripts, debug code or deloy software there comes a point of boredomeness beyond fun. This is the time to install fortune and get a smile in the detection time of a keystroke.

And if you want your bash scripts to output something nice after it finished work, just put this on the line after your Shebang.

#!/bin/env bash
trap $(hash fortune && echo fortune) SIGINT SIGTERM EXIT

And if you like if colorfull and crazy.

#!/bin/env bash
function fun {
    hash fortune && hash cowsay && hash toilet && clear && fortune | cowsay -f apt | toilet --gay -f term    

Be sure to install fortune, cowsay and toilet.

SSH Keygen Infos

I havent’t wrote in a while. To keep it short: I’m still alive.
This is just a short note on ssh keygen and ssh-copy which I was not aware of.

Let’s assume you have your keys an need to change the passphrase:
cd ~/.ssh/
(keys can be ~/.ssh/ or ~/.ssh/

ssh-keygen -f id_dsa -p

And copy the key to remote host:

ssh-copy-id -i USER@REMOTE_HOST

That’s it 🙂 now you can connect to the remote machine without hassle.


Why to choose nfs over vboxsf for mounting host folders inside a VirtualBox VM!

Simple answer: SPEED

Long answer:

Most projects I work on a the moment are web related and I like my development environment to be as close to production as possible.

Therefore I set up a Debian Jessie some time ago and mounted my whole /Users/cb0/Sites directory into the VM. So I configured the shared folders inside the VirtualBox and used this code inside /etc/fstab inside the Debian.

Sites /Users/cb0/Sites vboxsf defaults,rw,uid=33,gid=33 0 0

This worked fine for custom php apps and even for symfony 1.4. Now I’m working on a symfony 2 project which seems to generate a whole bunch of cache files before starting to deliver the webpage.

This resulted in an average load time of 45s (yes seconds) which I could not bear for more than 2 pageloads. So I search for the bottleneck and found out that the creation of the cache files took too long. After reading some documentations I decided to try to mount the share over nfs instead of the vboxsf.

Here’s how to do it:

1. [Host] Create or open the file “/etc/nfs.conf” and insert the following line:

nfs.server.mount.require_resv_port = 0

2. [Host] Edit the /etc/exports file and configure your desired share folder like this:

/Users/cb0/Sites -mapall=501:20 -network -mask

Replace “192.168.56” with the address you have chosen for your Host-only Adapter.

3. [Host] Run the following 3 commands:

> sudo nfsd update
> sudo nfsd checkexports
> showmount -e

The ‘showmount’ command will output something like this if everything went fine:

# Exports list on localhost:

4. [GUEST] Install necessary software. (As mentioned I use debian jessie)

sudo apt-get install nfs-common

5. [GUEST] Add the mount infos into the file /etc/fstab /Users/cb0/Sites nfs soft,intr,rsize=8192,wsize=8192 0 0

This tells debian to mount the directory /Users/cb0/Sites located on my host machine into the exactly same directory on my linux. (Note: You have to create the folder inside the guest first.) I do this for convenience, you could mount it somewhere else.

6. [GUEST] Now mount this share.

sudo mount /Users/cb0/Sites

and you are done.

After these simple steps and no other tuning my sf2 web project load in about 580ms. This is more than 70times faster than before.
I also noticed a small speedup in my other web apps. Now I can relax, sit back and continue my work on this project.

FOSUserBundle customization notes


I’ve been busy creating a new project in which I use symfony2 for the first time. Working with symfony1.x for nearly 3 years I really like some of the ideas of symfony2. However there are also some things I dislike, or just don’t fully understand yet.

Here are some quick notes I took while reading the FOSBundle Documentation.


Default Templates

The easy and quick way:

  • Basically override the FOS Template by creating a file under ‘./app/Resources/FOSUserBundle/views/layout.html.twig’
  • Be sure to include this block, which will hold the FOSUserBundle Content. 
{% block fos_user_content %}
{% endblock fos_user_content %}

2. The more complicated way

Create symlinks inside a VirtualBox shared folder

While working inside debian, which is installed inside a VirtualBox and shares a folder with it’s host machine, I repeatingly got errors while creating symlinks. (I use “os x 10.7” as host and “debian wheezy” as guest os.)

Until now I accepted it but today I got tired of creating these symlink in the host system.

Here’s the solution I found:

1. Shut down the virtual machine. Debian in my case.
2. You need to close the VirtualBox GUI.
3. Type this into your preferred command line.

VBoxManage setextradata DEBIAN VBoxInternal2/SharedFoldersEnableSymlinksCreate/FOLDER_SHARE 1

4. Reboot your virtual machine.
5. Enjoy the stunning power of symlinks again*

* You ask why again ? Because this was possible by default prior to VirtualBox 4.1.8. It has been added for additional security.

nmh, mh-e and emacs on OS X 10.7

Hi there,
I haven’t posted in a while. But this short post should proof im still alive 😉

I’ve been doing a lot emacs lately and decided to give nmh a try. Unfortunately the script that ships with it, to automatically build and install nmh, won’t work on my Macbook running OS X 10.7. It just gives me this output:

make[2]: *** [check-TESTS] Error 1
make[1]: *** [check-am] Error 2
make: *** [check] Error 2
build failed!
build log is in build_nmh.log

The build_nmh.log is full of messages that tell me to go away.

Here’s what I did to manually install it.

$ cd nmh
$ autoconf
$ autoheader
$ configure --enable-debug --enable-pop --with-editor=emacs --prefix=$HOME/nmh
$ make
$ sudo make install

This installed nmh binaries into the “~/nmh” which is ok for now because I’ll just want to try out.

After that you need to got to emacs which includes mh-e since emacs 18. So this should apply to my nightly build version from EmacsForMacOsX.

Now you need to configure the variable ‘mh-path’ so emacs will know where to find the executable.
I did this through calling ‘M-x customize-variable mh-path’ and entered “User/cb0/nmh/bin”
This will set this variable in you .emacs file

(custom-set-variables '(mh-path (quote ("/Users/cb0/nmh/bin"))))

After this run “M-x install-mh” to install and “M-x mh-version” to check if everything is installed correctly.

MH-E 8.5

MH-E compilation details:
 Byte compiled:		yes
 Gnus (compile-time):	Gnus v5.13
 Gnus (run-time):	Gnus v5.13

GNU Emacs (x86_64-apple-darwin, NS apple-appkit-1038.36)
 of 2013-03-28 on

nmh 1.5+dev
 mh-progs:	/Users/cb0/nmh/bin
 mh-lib:	/Users/cb0/nmh/etc
 mh-lib-progs:	/Users/cb0/nmh/lib

Darwin snowball.lan 11.4.2 Darwin Kernel Version 11.4.2: Thu Aug 23 16:26:45 PDT 2012; root:xnu-1699.32.7~1/RELEASE_I386 i386

I also installed the manual so I dont have to leave emacs for a straight start.

Now I’m excited to see nmh live and inside emacs.