smtp.gmail.com from bash gives "Error in certificate: Peer's certificate issuer is not recognized."
- by ndasusers
I needed my script to email admin if there is a problem, and the company only uses Gmail. Following a few posts' instructions, I was able to set up mailx using a .mailrc file. There was first the error of nss-config-dir; I solved that by copying some .db files from a Firefox directory to ./certs and aiming to it in mailrc. A mail was sent.
However, the error above came up.
By some miracle, there was a Google certificate in the .db. It showed up with this command:
~]$ certutil -L -d certs
Certificate Nickname                            Trust Attributes
                                                SSL,S/MIME,JAR/XPI
GeoTrust SSL CA                                 ,,
VeriSign Class 3 Secure Server CA - G3          ,,
Microsoft Internet Authority                    ,,
VeriSign Class 3 Extended Validation SSL CA     ,,
Akamai Subordinate CA 3                         ,,
MSIT Machine Auth CA 2                          ,,
Google Internet Authority                       ,,
Most likely, it can be ignored, because the mail worked anyway. Finally, after pulling some hair and many googles, I found out how to rid myself of the annoyance.
First, export the existing certificate to an ASCII file:
~]$ certutil -L -n 'Google Internet Authority' -d certs -a > google.cert.asc
Now re-import that file, and mark it as trusted for SSL certificates, à la:
~]$ certutil -A -t "C,," -n 'Google Internet Authority' -d certs -i google.cert.asc
After this, listing shows it trusted:
~]$ certutil -L -d certs
Certificate Nickname                            Trust Attributes
                                                SSL,S/MIME,JAR/XPI
...
Google Internet Authority                       C,,
And mailx sends out with no hitch.
~]$ /bin/mailx -A gmail -s "Whadda ya no" [email protected]
ho ho ho
EOT
~]$
I hope it is helpful to someone looking to be done with the error.
Also, I am curious about some things.
How could I get this certificate, if it were not in the Mozilla database by chance?
Is there, for instance, something like this?
~]$ certutil -A -t "C,," \
-n 'gmail.com' \
-d certs \
-i 'http://google.com/cert/this...'
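
For the closing question about getting the certificate when it is not already in the database, one possible approach, added here as an example and not part of the original post: take the chain the server itself presents with `openssl s_client`, inspect each certificate, and import the chosen CA with the same `certutil -A -t "C,,"` form used above. The function names, the confirmation prompt and the use of a port that speaks TLS directly (for example 465) are assumptions; the printed SHA-256 fingerprint is meant to be compared with one obtained over a separate channel before answering `y`.

```shell
#!/bin/sh
# Added example (not from the original post). Function names, file names and
# the default nickname are assumptions made for illustration.

# Print every certificate the server sends (leaf first, then its issuers).
fetch_chain() {  # usage: fetch_chain HOST PORT
    openssl s_client -showcerts -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null
}

# Read s_client output on stdin, write DIR/cert-N.pem, print how many were found.
split_chain() {  # usage: split_chain DIR
    awk -v dir="$1" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem"; inside = 1 }
        inside { print > out }
        /-----END CERTIFICATE-----/   { inside = 0; close(out) }
        END { print n + 0 }'
}

# Show what is about to be trusted so the fingerprint can be checked out of band.
describe_cert() {  # usage: describe_cert FILE
    openssl x509 -in "$1" -noout -subject -issuer -fingerprint -sha256
}

# Same certutil form as in the post: "C,," marks a CA trusted for SSL servers.
import_ca() {  # usage: import_ca DBDIR NICKNAME FILE
    certutil -A -t "C,," -n "$2" -d "$1" -i "$3"
}

# Runs only when called as: script HOST PORT DBDIR INDEX [NICKNAME]
# INDEX 1 is the server's own certificate; 2 and up are the CAs it sent.
if [ "$#" -ge 4 ]; then
    tmp=$(mktemp -d) || exit 1
    count=$(fetch_chain "$1" "$2" | split_chain "$tmp")
    [ "$4" -ge 1 ] && [ "$4" -le "$count" ] || {
        echo "server sent $count certificate(s); index $4 is out of range" >&2
        rm -rf "$tmp"; exit 1
    }
    describe_cert "$tmp/cert-$4.pem"
    printf 'Import this certificate as a trusted SSL CA? [y/N] '
    read -r answer
    [ "$answer" = y ] && import_ca "$3" "${5:-$1 issuer}" "$tmp/cert-$4.pem"
    rm -rf "$tmp"
fi
```

Called for example as `sh fetch-ca.sh smtp.gmail.com 465 certs 2 'Google Internet Authority'` (the script name is hypothetical), it imports the second certificate in the chain only after confirmation.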