Happy new year 2020! We now officially live in the future!
Make it a good one!
And yeah, it’s been a long time since my last post. Lot of stuff happened that I might one day write down here. But for now I’m happy to be writing again and I hope to write more on a regular base. Not just coding related stuff, but let’s see…
Now back to topic:
I now switched back to using offlineimap for all my mail accounts with mu4e.
For configuring ssl with servers you need to have their cert fingerprint. For e.g. my icloud this looks something like this:
type = IMAP
remotehost = imap.mail.me.com
remoteuser = ...
remotepasseval = get_keychain_pass(account="...@me.com", server="imap.mail.me.com")
realdelete = no
maxconnections = 1
ssl = yes
cert_fingerprint = ?
sslcacertfile = /usr/local/etc/openssl/cert.pem
But how do I find out the cert fingerprint ?
Well we can here use openssl for the rescue.
First find out the server domain and the port for you mail.
For e.g. my iCloud Account, accoding to apple.com this looks like.
IMAP-Informationen für den Posteingangsserver
- Servername: imap.mail.me.com
- SSL erforderlich: Ja
- Port: 993
So we can query openssl with this command:
SSL_CERT_DIR="" openssl s_client -connect imap.mail.me.com:993 < /dev/null 2>/dev/null | openssl x509 -fingerprint -noout -text -in /dev/stdin
The output can be quite long for some pages but we are only intereseted in the first lines which look like.
Version: 3 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN = Apple IST CA 2 - G1, OU = Certification Authority, O = Apple Inc., C = US
Now replace all colon in the fingerprint and add it to the offlineimaprc file.
After creating an app specific password within my apple account, I can use offlineimap with it.