如果出现问题,我需要脚本给pipe理员发送电子邮件,而公司只使用Gmail。 在几篇博文的指导下,我可以使用.mailrc文件设置mailx。 首先是nss-config-dir的错误,我通过从firefox目录复制一些.db文件来解决这个问题。 到./certs并且在mailrc中瞄准它。 邮件已发送。
但是,上面的错误出现了。 奇迹发生了,.db中有一个Google证书。 它显示了这个命令:
~]$ certutil -L -d certs Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI GeoTrust SSL CA ,, VeriSign Class 3 Secure Server CA - G3 ,, Microsoft Internet Authority ,, VeriSign Class 3 Extended Validation SSL CA ,, Akamai Subordinate CA 3 ,, MSIT Machine Auth CA 2 ,, Google Internet Authority ,, 最有可能的是,它可以被忽略,因为邮件无论如何工作。 最后,拉了一些头发和许多Google后,我发现如何摆脱烦恼。
首先,将现有证书导出到ASSCII文件中:
~]$ certutil -L -n 'Google Internet Authority' -d certs -a > google.cert.asc
现在重新导入该文件,并将其标记为受信任的SSL证书ala:
~]$ certutil -A -t "C,," -n 'Google Internet Authority' -d certs -i google.cert.asc
在此之后,清单显示它信任:
~]$ certutil -L -d certs Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI ... Google Internet Authority C,,
而mailx发送不麻烦。
~]$ /bin/mailx -A gmail -s "Whadda ya no" [email protected] ho ho ho EOT ~]$
我希望有人希望完成这个错误是有帮助的。
另外,我对一些事情很好奇。
如果偶然不在mozilla数据库中,我怎么能得到这个证书呢? 有没有像这样的事情?
~]$ certutil -A -t "C,," \ -n 'gmail.com' \ -d certs \ -i 'http://google.com/cert/this...'
那么它不是我想要的那一行,但这是如何从头开始获取和导入证书:
# Create a certificate directory ~]$ mkdir certs # Create a new database in the certs dir ~]$ certutil -N -d certs # Need now a chain certificate - May 18, 2015 ~]$ wget https://www.geotrust.com/resources/root_certificates/certificates/GeoTrust_Global_CA.cer # Need now a chain certificate part 2 - May 18, 2015 ~]$ mv GeoTrust_Global_CA.cer certs/ # Fetch the certificate from Gmail, saving in the text file GMAILCERT # Added the CA opion - May 18, 2015 ~]$ echo -n | openssl s_client -connect smtp.gmail.com:465 -CAfile certs/GeoTrust_Global_CA.cer | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > GMAILCERT # Import the new cert file into the new database in the new dir ~]$ certutil -A -n "Google Internet Authority" -t "C,," -d certs -i GMAILCERT # Double Check ~]$ certutil -L -d certs Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI Google Internet Authority C,,
一stream! 并感谢这张票上的答案
这篇文章需要再次更新。 我在我的CentOS 7盒子上安装mailx时遇到了麻烦。 邮件将发送,但我仍然收到“authentication错误:对方的证书颁发者不被识别”。 错误。
我在这里find了解决scheme,但不得不翻译它。
这是一个快速的方法来做到这一点:
# Create a certificate directory mkdir ~/.certs # Create a new database in the certs dir (dont forget to enter your pass phrase!) certutil -N -d ~/.certs # Create three files for the cert chain touch ~/.certs/google ~/.certs/geotrust ~/.certs/equifax # Copy the cert chain for smtp.google.com:465 over to my_certs file (don't forget the -showcerts option, CTRL + C to end this command) openssl s_client -showcerts -connect smtp.gmail.com:465 > ~/.certs/my_certs
现在复制包括–BEGIN CERTIFICATE–和–END CERTIFICATE在内的每个证书,并将其粘贴到您之前创build的文件(google,geotrust,equifax)中,然后保存这些文件。
# Open your my_certs file you made earlier and copy the google cert (usually the first one) nano ~/.certs/my_certs # Open your google file, paste the google cert that you just copied, and save and close nano ~/.certs/google # Open your my_certs file you made earlier and copy the geotrust cert (usually the second one) nano ~/.certs/my_certs # Open your geotrust file, paste the geotrust cert that you just copied, and save and close nano ~/.certs/geotrust # Open your my_certs file you made earlier and copy the equifax cert (usually the third one) nano ~/.certs/my_certs # Open your equifax file, paste the equifax cert that you just copied, and save and close nano ~/.certs/equifax
现在我们必须将每个这些证书导入到数据库中。
# Import the google cert into the db certutil -A -n "Google Internet Authority" -t "TC,," -d ~/.certs -i ~/.certs/google # Import the geotrust cert into the db certutil -A -n "GeoTrust Global CA" -t "TC,," -d ~/.certs -i ~/.certs/geotrust # Import the equifax cert into the db certutil -A -n "Equifax Secure Certificate Authority" -t "TCP,," -d ~/.certs -i ~/.certs/equifax # Double check to make sure everything imported correctly into the db certutil -L -d ~/.certs
示例输出:
Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI Google Internet Authority CT,, GeoTrust Global CA CT,, Equifax Secure Certificate Authority CT,,
清理时间(可选)
# Remove all unnecessary files since the db has the certs :) rm -rf ~/.certs/google ~/.certs/geotrust ~/.certs/equifax ~/.certs/my_certs # Now run a test to make sure mailx is sending correctly now (don't forget to change [email protected] to the email address you'd like to send to) echo "Your message" | mail -s "Message Subject" [email protected]
应该是这样,你不应该收到“authentication错误:对方的证书颁发者不被识别”。 错误!
笔记:
您可能已经注意到我将目录从/certs更改为~/.certs 。 mailx以root身份运行,所以我只是以root身份进行这些更改。 “〜/”表示HOME目录放在一起~/.certs表示/root/.certs/ 。 我相信你知道,但嘿,以防万一你不知道谁可能会读这个!
以防万一你需要这个,这里是我添加到/etc/mail.rc底部的configuration选项
# /etc/mail.rc options added to the bottom set smtp-use-starttls set smtp-auth=login set smtp=smtp://smtp.gmail.com:587 set from="[email protected](Web01 Server)" set [email protected] set smtp-auth-password=your.pass set ssl-verify=ignore set nss-config-dir=/root/.certs
确保将your.from.user,your.smtp.user和your.pass更改为各自的variables。