Best IT Recipes

Rails 3: OpenSSL :: SSL :: SSLError: the host name does not match the server certificate

When I try to deliver email through the console, I get this error:

OpenSSL::SSL::SSLError: hostname was not match with the server certificate

The fact is that I really know very little about certificates, etc., or really, how to get started troubleshooting, I tried to conduct some investigation using openssl , and here is the certificate returned.

I do not know if his problem with Postfix, which works on the server, or my rails application, any help or hints is really being evaluated.

 ~% openssl s_client -connect mail.myhostname.com:25 -starttls smtp CONNECTED(00000003) depth=0 /CN=myhostname verify error:num=18:self signed certificate verify return:1 depth=0 /CN=myhostname verify return:1 --- Certificate chain 0 s:/CN=myhostname i:/CN=myhostname --- Server certificate -----BEGIN CERTIFICATE----- [...redacted...] -----END CERTIFICATE----- subject=/CN=myhostname issuer=/CN=myhostname --- No client certificate CA names sent --- SSL handshake has read 1203 bytes and written 360 bytes --- New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA Server public key is 1024 bit Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher : DHE-RSA-AES256-SHA Session-ID: 1AA4B8BFAAA85DA9ED4755194C50311670E57C35B8C51F9C2749936DA11918E4 Session-ID-ctx: Master-Key: 9B432F1DE9F3580DCC6208C76F96631DC5A4BC517BDBADD5F514414DCF34AC526C30687B96C5C4742E9583555A118232 Key-Arg : None Start Time: 1292985376 Timeout : 300 (sec) Verify return code: 18 (self signed certificate) --- 250 DSN
+52
ruby-on-rails ruby-on-rails-3 openssl ssl-certificate
Dec 22 2018-10-12T00:
source share
3 answers

An infinitely better solution (in terms of security) than the accepted answer:

 ActionMailer::Base.smtp_settings = { :address => "mail.foo.com", :port => 587, :domain => "foo.com", :user_name => "addy@foo.com", :password => "foofoo", :authentication => "plain", :enable_starttls_auto => true, :openssl_verify_mode => 'none' }

This way you will still use encryption, but certificate verification will be disabled (and you will not get any errors).

+128
Nov 08
source share

EDIT: This answer is no longer the best solution and may no longer work . See this answer , which is safer.

The certificate name must match the URL on which your application is running.

Not useful ... I get this error with dreamhost, where I have no way to change the ssl certificate. (well, yes, but it's worth it.)

One option is to disable tls. Hope you have something like this in your initializers:

 ActionMailer::Base.smtp_settings = { :address => "mail.foo.com", :port => 587, :domain => "foo.com", :user_name => "addy@foo.com", :password => "foofoo", :authentication => "plain", :enable_starttls_auto => true }

Change the enable starttls auto parameter to false (or add it if it is missing).

Warning: this will disable encryption, which means that your username will go through the Internet in plain text

I do not see a better way to do this, so any answers would be interesting.

+25
Feb 17 2018-11-11T00:
source share

If you use the ruby ​​mail library the same as me, here is the setting for pop

 pop = Net::POP3.new(mail_server, mail_port) pop.enable_ssl(0) #(default is on, if you want turn it off set it to 0 ) pop.start(mail_username, mail_pwd)
+1
Mar 22 '17 at 13:29
source share


More articles:


All Articles