如果出现问题,我需要我的脚本给管理员发送电子邮件,公司只使用Gmail.根据一些帖子说明,我可以使用.mailrc文件设置mailx.首先是nss-config-dir的错误我通过从firefox目录复制一些.db文件解决了这个问题.到./certs并在mailrc中瞄准它.邮件已发送.
但是,上面的错误出现了.
奇怪的是,.db中有一个Google证书.它出现了这个命令:
~]$certutil -L -d certs Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI GeoTrust SSL CA,VeriSign Class 3 Secure Server CA - G3,Microsoft Internet Authority,VeriSign Class 3 Extended Validation SSL CA,Akamai Subordinate CA 3,MSIT Machine Auth CA 2,Google Internet Authority,
最有可能的是,它可以被忽略,因为邮件无论如何都有效.最后,在拉了一些头发和许多谷歌之后,我发现了如何摆脱烦恼.
首先,将现有证书导出到ASSCII文件:
~]$certutil -L -n 'Google Internet Authority' -d certs -a > google.cert.asc
现在重新导入该文件,并将其标记为受信任的SSL证书,ala:
~]$certutil -A -t "C," -n 'Google Internet Authority' -d certs -i google.cert.asc
在此之后,列表显示它是受信任的:
~]$certutil -L -d certs Certificate Nickname Trust Attributes SSL,JAR/XPI ... Google Internet Authority C,
而mailx毫无障碍地发出.
~]$/bin/mailx -A gmail -s "Whadda ya no" somebody@acompany.com ho ho ho EOT ~]$
我希望对那些希望完成错误的人有所帮助.
而且,我对某些事情感到好奇.
如果不是偶然在mozilla数据库中,我怎么能得到这个证书?
有没有例如这样的事情?
~]$certutil -A -t "C," \ -n 'gmail.com' \ -d certs \ -i 'http://google.com/cert/this...'
好吧,这不是我想要的一个班轮,但这是从头开始获取和导入证书的方法:
# Create a certificate directory ~]$mkdir certs # Create a new database in the certs dir ~]$certutil -N -d certs # Need now a chain certificate - May 18,2015 ~]$wget https://www.geotrust.com/resources/root_certificates/certificates/GeoTrust_Global_CA.cer # Need now a chain certificate part 2 - May 18,2015 ~]$mv GeoTrust_Global_CA.cer certs/ # Fetch the certificate from Gmail,saving in the text file GMAILCERT # Added the CA opion - May 18,2015 ~]$echo -n | openssl s_client -connect smtp.gmail.com:465 -CAfile certs/GeoTrust_Global_CA.cer | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > GMAILCERT # Import the new cert file into the new database in the new dir ~]$certutil -A -n "Google Internet Authority" -t "C," -d certs -i GMAILCERT # Double Check ~]$certutil -L -d certs Certificate Nickname Trust Attributes SSL,JAR/XPI Google Internet Authority C,