Symptom:
We plan to use mailx in Oracle Linux 7.6 VM to send emails via smtp services provided by OCI Email Delivery ServiceWe followed the instructions of the official doc and get smtp credential and smtp connections setup
When we run this command:
echo "test test from henry" | mailx -v -s "test test test" \
-S nss-config-dir=/etc/certs \
-S smtp-use-starttls \
-S smtp-auth=plain \
-S smtp=smtp.us-ashburn-1.oraclecloud.com \
-S from="no-reply@test.com(henryxie)" \
-S smtp-auth-user="<ocid from smtp credentials doc >" \
-S smtp-auth-password="<password from smtp credentials doc>" henry.xie@oracle.com
We get error
“Error in certificate: Peer's certificate issuer is not recognized.”
Solution:
The reason is due to nss-config-dir has not included the CA publisher of the smtp.us-ashburn-1.oraclecloud.com . We need to add them into the nss-config-dir- To get details of CA details ,run this
- openssl s_client -showcerts -connect smtp.us-ashburn-1.oraclecloud.com:587 -starttls smtp > /etc/certs/mycerts
- Vi mycerts and copy each certificate including the --BEGIN CERTIFICATE-- and --END CERTIFICATE-- and paste them into their respective files. ie: ocismtp-ashburn1.pem ocismtp-ashburn2.pem
- Import them into the nss-config-dr /etc/certs via below commands
- certutil -A -n "DigiCert SHA2 Secure Server CA" -t "TC,," -d /etc/certs -i /etc/certs/ocismtp-ashburn1.pem
- certutil -A -n "DigiCert SHA2 Secure Server CA smtp" -t "TC,," -d /etc/certs -i /etc/certs/ocismtp-ashburn2.pem
- use certutil -L -d /etc/certs to verify they are imported well
The error should be gone
No comments:
Post a Comment