API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Sep 22nd, 2017
522
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.88 KB | None | 0 0
raw download clone embed print report
  1. ~]$ certutil -L -d certs
  2.  
  3. Certificate Nickname Trust Attributes
  4. SSL,S/MIME,JAR/XPI
  5.  
  6. GeoTrust SSL CA ,,
  7. VeriSign Class 3 Secure Server CA - G3 ,,
  8. Microsoft Internet Authority ,,
  9. VeriSign Class 3 Extended Validation SSL CA ,,
  10. Akamai Subordinate CA 3 ,,
  11. MSIT Machine Auth CA 2 ,,
  12. Google Internet Authority ,,
  13.  
  14. ~]$ certutil -L -n 'Google Internet Authority' -d certs -a > google.cert.asc
  15.  
  16. ~]$ certutil -A -t "C,," -n 'Google Internet Authority' -d certs -i google.cert.asc
  17.  
  18. ~]$ certutil -L -d certs
  19.  
  20. Certificate Nickname Trust Attributes
  21. SSL,S/MIME,JAR/XPI
  22. ...
  23. Google Internet Authority C,,
  24.  
  25. ~]$ /bin/mailx -A gmail -s "Whadda ya no" somebody@acompany.com
  26. ho ho ho
  27. EOT
  28. ~]$
  29.  
  30. ~]$ certutil -A -t "C,,"
  31. -n 'gmail.com'
  32. -d certs
  33. -i 'http://google.com/cert/this...'
  34.  
  35. # Create a certificate directory
  36. ~]$ mkdir certs
  37.  
  38. # Create a new database in the certs dir
  39. ~]$ certutil -N -d certs
  40.  
  41. # Need now a chain certificate - May 18, 2015
  42. ~]$ wget https://www.geotrust.com/resources/root_certificates/certificates/GeoTrust_Global_CA.cer
  43.  
  44. # Need now a chain certificate part 2 - May 18, 2015
  45. ~]$ mv GeoTrust_Global_CA.cer certs/
  46.  
  47. # Fetch the certificate from Gmail, saving in the text file GMAILCERT
  48. # Added the CA opion - May 18, 2015
  49. ~]$ echo -n | openssl s_client -connect smtp.gmail.com:465 -CAfile certs/GeoTrust_Global_CA.cer | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > GMAILCERT
  50.  
  51. # Import the new cert file into the new database in the new dir
  52. ~]$ certutil -A -n "Google Internet Authority" -t "C,," -d certs -i GMAILCERT
  53.  
  54. # Double Check
  55. ~]$ certutil -L -d certs
  56.  
  57. Certificate Nickname Trust Attributes
  58. SSL,S/MIME,JAR/XPI
  59.  
  60. Google Internet Authority C,,
  61.  
  62. # Create a certificate directory
  63. mkdir ~/.certs
  64.  
  65. # Create a new database in the certs dir (dont forget to enter your pass phrase!)
  66. certutil -N -d ~/.certs
  67.  
  68. # Create three files for the cert chain
  69. touch ~/.certs/google ~/.certs/geotrust ~/.certs/equifax
  70.  
  71. # Copy the cert chain for smtp.google.com:465 over to my_certs file (don't forget the -showcerts option, CTRL + C to end this command)
  72. openssl s_client -showcerts -connect smtp.gmail.com:465 > ~/.certs/my_certs
  73.  
  74. # Open your my_certs file you made earlier and copy the google cert (usually the first one)
  75. nano ~/.certs/my_certs
  76.  
  77. # Open your google file, paste the google cert that you just copied, and save and close
  78. nano ~/.certs/google
  79.  
  80. # Open your my_certs file you made earlier and copy the geotrust cert (usually the second one)
  81. nano ~/.certs/my_certs
  82.  
  83. # Open your geotrust file, paste the geotrust cert that you just copied, and save and close
  84. nano ~/.certs/geotrust
  85.  
  86. # Open your my_certs file you made earlier and copy the equifax cert (usually the third one)
  87. nano ~/.certs/my_certs
  88.  
  89. # Open your equifax file, paste the equifax cert that you just copied, and save and close
  90. nano ~/.certs/equifax
  91.  
  92. # Import the google cert into the db
  93. certutil -A -n "Google Internet Authority" -t "TC,," -d ~/.certs -i ~/.certs/google
  94.  
  95. # Import the geotrust cert into the db
  96. certutil -A -n "GeoTrust Global CA" -t "TC,," -d ~/.certs -i ~/.certs/geotrust
  97.  
  98. # Import the equifax cert into the db
  99. certutil -A -n "Equifax Secure Certificate Authority" -t "TCP,," -d ~/.certs -i ~/.certs/equifax
  100.  
  101. # Double check to make sure everything imported correctly into the db
  102. certutil -L -d ~/.certs
  103.  
  104. Certificate Nickname Trust Attributes
  105. SSL,S/MIME,JAR/XPI
  106.  
  107. Google Internet Authority CT,,
  108. GeoTrust Global CA CT,,
  109. Equifax Secure Certificate Authority CT,,
  110.  
  111. # Remove all unnecessary files since the db has the certs :)
  112. rm -rf ~/.certs/google ~/.certs/geotrust ~/.certs/equifax ~/.certs/my_certs
  113.  
  114. # Now run a test to make sure mailx is sending correctly now (don't forget to change yourname@example.com to the email address you'd like to send to)
  115. echo "Your message" | mail -s "Message Subject" yourname@example.com
  116.  
  117. # /etc/mail.rc options added to the bottom
  118. set smtp-use-starttls
  119. set smtp-auth=login
  120. set smtp=smtp://smtp.gmail.com:587
  121. set from="your.from.user@gmail.com(Web01 Server)"
  122. set smtp-auth-user=your.smtp.user@gmail.com
  123. set smtp-auth-password=your.pass
  124. set ssl-verify=ignore
  125. set nss-config-dir=/root/.certs
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!