Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ~]$ certutil -L -d certs
- Certificate Nickname Trust Attributes
- SSL,S/MIME,JAR/XPI
- GeoTrust SSL CA ,,
- VeriSign Class 3 Secure Server CA - G3 ,,
- Microsoft Internet Authority ,,
- VeriSign Class 3 Extended Validation SSL CA ,,
- Akamai Subordinate CA 3 ,,
- MSIT Machine Auth CA 2 ,,
- Google Internet Authority ,,
- ~]$ certutil -L -n 'Google Internet Authority' -d certs -a > google.cert.asc
- ~]$ certutil -A -t "C,," -n 'Google Internet Authority' -d certs -i google.cert.asc
- ~]$ certutil -L -d certs
- Certificate Nickname Trust Attributes
- SSL,S/MIME,JAR/XPI
- ...
- Google Internet Authority C,,
- ~]$ /bin/mailx -A gmail -s "Whadda ya no" somebody@acompany.com
- ho ho ho
- EOT
- ~]$
- ~]$ certutil -A -t "C,,"
- -n 'gmail.com'
- -d certs
- -i 'http://google.com/cert/this...'
- # Create a certificate directory
- ~]$ mkdir certs
- # Create a new database in the certs dir
- ~]$ certutil -N -d certs
- # Need now a chain certificate - May 18, 2015
- ~]$ wget https://www.geotrust.com/resources/root_certificates/certificates/GeoTrust_Global_CA.cer
- # Need now a chain certificate part 2 - May 18, 2015
- ~]$ mv GeoTrust_Global_CA.cer certs/
- # Fetch the certificate from Gmail, saving in the text file GMAILCERT
- # Added the CA opion - May 18, 2015
- ~]$ echo -n | openssl s_client -connect smtp.gmail.com:465 -CAfile certs/GeoTrust_Global_CA.cer | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > GMAILCERT
- # Import the new cert file into the new database in the new dir
- ~]$ certutil -A -n "Google Internet Authority" -t "C,," -d certs -i GMAILCERT
- # Double Check
- ~]$ certutil -L -d certs
- Certificate Nickname Trust Attributes
- SSL,S/MIME,JAR/XPI
- Google Internet Authority C,,
- # Create a certificate directory
- ~]$ mkdir ~/.certs
- # Create a new database in the certs dir (dont forget to enter your pass phrase!)
- ~]$ certutil -N -d ~/.certs
- # Create three files for the cert chain
- ~]$ touch ~/.certs/google ~/.certs/geotrust ~/.certs/equifax
- # Copy the cert chain for smtp.google.com:465 over to my_certs file (don't forget the -showcerts option, CTRL + C to end this command)
- ~]$ openssl s_client -showcerts -connect smtp.gmail.com:465 > ~/.certs/my_certs
- # Open your my_certs file you made earlier and copy the google cert (usually the first one)
- ~]$ nano ~/.certs/my_certs
- # Open your google file, paste the google cert that you just copied, and save and close
- ~]$ nano ~/.certs/google
- # Open your my_certs file you made earlier and copy the geotrust cert (usually the second one)
- ~]$ nano ~/.certs/my_certs
- # Open your geotrust file, paste the geotrust cert that you just copied, and save and close
- ~]$ nano ~/.certs/geotrust
- # Open your my_certs file you made earlier and copy the equifax cert (usually the third one)
- ~]$ nano ~/.certs/my_certs
- # Open your equifax file, paste the equifax cert that you just copied, and save and close
- ~]$ nano ~/.certs/equifax
- # Import the google cert into the db
- ~]$ certutil -A -n "Google Internet Authority" -t "TC,," -d ~/.certs -i ~/.certs/google
- # Import the geotrust cert into the db
- ~]$ certutil -A -n "GeoTrust Global CA" -t "TC,," -d ~/.certs -i ~/.certs/geotrust
- # Import the equifax cert into the db
- ~]$ certutil -A -n "Equifax Secure Certificate Authority" -t "TCP,," -d ~/.certs -i ~/.certs/equifax
- # Double check to make sure everything imported correctly into the db
- ~]$ certutil -L -d ~/.certs
- Certificate Nickname Trust Attributes
- SSL,S/MIME,JAR/XPI
- Google Internet Authority CT,,
- GeoTrust Global CA CT,,
- Equifax Secure Certificate Authority CT,,
- # Remove all unnecessary files since the db has the certs :)
- ~]$ rm -rf ~/.certs/google ~/.certs/geotrust ~/.certs/equifax ~/.certs/my_certs
- # Now run a test to make sure mailx is sending correctly now
- ~]$ echo "Your message" | mail -s "Message Subject" yourname@example.com
- # /etc/mail.rc options added to the bottom
- set smtp-use-starttls
- set smtp-auth=login
- set smtp=smtp://smtp.gmail.com:587
- set from="your.from.user@gmail.com(Web01 Server)"
- set smtp-auth-user=your.smtp.user@gmail.com
- set smtp-auth-password=your.pass
- set ssl-verify=ignore
- set nss-config-dir=/root/.certs
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement