smtp.gmail.com from bash gives "Error in certificate: Peer's certificate issuer is not recognized."

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Posted by ndasusers on Server Fault See other posts from Server Fault or by ndasusers
Published on 2013-04-11T23:14:52Z Indexed on 2013/10/20 15:57 UTC
Read the original article Hit count: 1027

Filed under:
|
|

I needed my script to email admin if there is a problem, and the company only uses Gmail. Following a few posts instructions I was able to set up mailx using a .mailrc file. there was first the error of nss-config-dir I solved that by copying some .db files from a firefox directory. to ./certs and aiming to it in mailrc. A mail was sent.

However, the error above came up. By some miracle, there was a Google certificate in the .db. It showed up with this command:

~]$ certutil -L -d certs

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

GeoTrust SSL CA                                              ,,
VeriSign Class 3 Secure Server CA - G3                       ,,
Microsoft Internet Authority                                 ,,
VeriSign Class 3 Extended Validation SSL CA                  ,,
Akamai Subordinate CA 3                                      ,,
MSIT Machine Auth CA 2                                       ,,
Google Internet Authority                                    ,,

Most likely, it can be ignored, because the mail worked anyway. Finally, after pulling some hair and many googles, I found out how to rid myself of the annoyance.

First, export the existing certificate to a ASSCII file:

~]$ certutil -L -n 'Google Internet Authority'  -d certs -a > google.cert.asc

Now re-import that file, and mark it as a trusted for SSL certificates, ala:

~]$ certutil -A -t "C,," -n 'Google Internet Authority'  -d certs -i google.cert.asc

After this, listing shows it trusted:

~]$ certutil -L -d certs

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
...
Google Internet Authority                                    C,,

And mailx sends out with no hitch.

~]$ /bin/mailx -A gmail -s "Whadda ya no" [email protected]
ho ho ho
EOT
~]$

I hope it is helpful to someone looking to be done with the error.

Also, I am curious about somethings.

How could I get this certificate, if it were not in the mozilla database by chance? Is there for instance, something like this?

    ~]$ certutil -A -t "C,," \
                 -n 'gmail.com'  \
                 -d certs \
                 -i 'http://google.com/cert/this...'

© Server Fault or respective owner

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Related posts about ssl

Related posts about bash

Categories cloud

.NET ASP.NET iphone linux python Windows mysql android sql windows-7 html c ruby-on-rails css objective-c ubuntu networking sql-server wpf asp.net-mvc ruby database Xml apache AJAX osx security regex django Performance 12.04 windows-xp mac web-development iphone-sdk vb.net Silverlight apache2 flash server perl best-practices email installation eclipse visual-studio algorithm windows-server-2008 winforms wcf firefox bash dns /Oracle