developer tip

Rails 3: OpenSSL::SSL::SSLError: hostname was not match with the server certificate

copycodes 2021. 1. 5. 08:14


I get the following error when trying to send an email from the console:

OpenSSL::SSL::SSLError: hostname was not match with the server certificate

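The thing is, I don't know much about certificates and so on, or really how to get started troubleshooting this. I tried to do some investigation with openssl, and here is the certificate that was returned.

I don't know whether this is a problem with Postfix running on the server or with my Rails app; any help or clue is really appreciated.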

~% openssl s_client -connect mail.myhostname.com:25 -starttls smtp
CONNECTED(00000003)
depth=0 /CN=myhostname
verify error:num=18:self signed certificate
verify return:1
depth=0 /CN=myhostname
verify return:1
---
Certificate chain
 0 s:/CN=myhostname
   i:/CN=myhostname
---
Server certificate
-----BEGIN CERTIFICATE-----
[...redacted...]
-----END CERTIFICATE-----
subject=/CN=myhostname
issuer=/CN=myhostname
---
No client certificate CA names sent
---
SSL handshake has read 1203 bytes and written 360 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: 1AA4B8BFAAA85DA9ED4755194C50311670E57C35B8C51F9C2749936DA11918E4
    Session-ID-ctx: 
    Master-Key: 9B432F1DE9F3580DCC6208C76F96631DC5A4BC517BDBADD5F514414DCF34AC526C30687B96C5C4742E9583555A118232
    Key-Arg   : None
    Start Time: 1292985376
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
250 DSN

A much better solution (in terms of security) than the accepted answer would be:

ActionMailer::Base.smtp_settings = {
  :address              => "mail.foo.com",
  :port                 => 587,
  :domain               => "foo.com",
  :user_name            => "addy@foo.com",
  :password             => "foofoo",
  :authentication       => "plain",
  :enable_starttls_auto => true,
  :openssl_verify_mode  => 'none'
}

This way you can still use encryption, but certificate validation is disabled and you won't get the error.


EDIT: This answer is no longer the best solution, and may no longer work. See this answer which is more secure.

The name on certificate should match with the url on which you are running your application

Not useful... I get this error with dreamhost, where I have no option to change the ssl certificate. (well, I do, but it costs.)

One option is to disable tls. Hopefully you have something like this in your initializers:

ActionMailer::Base.smtp_settings = {
  :address              => "mail.foo.com",
  :port                 => 587,
  :domain               => "foo.com",
  :user_name            => "addy@foo.com",
  :password             => "foofoo",
  :authentication       => "plain",
  :enable_starttls_auto => true
}

Change the enable starttls auto option to false (or add it in if it isn't present).

Warning: this will disable encryption, meaning your username and password will traverse the internet in plain text.

I can't see a better way of doing this, so would be interested in any answers.


If you are using the Ruby mail library as I do, here is the setting for POP:

require 'net/pop'

pop = Net::POP3.new(mail_server, mail_port)
# The argument is the OpenSSL verify mode; 0 is OpenSSL::SSL::VERIFY_NONE.
pop.enable_ssl(0) # (default is on; if you want to turn it off, set it to 0)
pop.start(mail_username, mail_pwd)

As many people discussing this question have mentioned dreamhost, there is a better dreamhost-specific answer to this question.

Your email software, in recent years, has probably started getting more belligerent at you for using incorrect servernames on your certificates. As a response, Dreamhost now recommends using their domain name rather than your own when setting up your email account.

You need to find out which mail cluster your account is assigned to, then your config will be as follows:

ActionMailer::Base.smtp_settings = {
  :address              => "mail.foo.com",
  :port                 => 587,
  :domain               => "subX.mail.dreamhost.com", # instead of "foo.com"
  :user_name            => "addy@foo.com",
  :password             => "foofoo",
  :authentication       => "plain",
  :enable_starttls_auto => true,
  # :openssl_verify_mode  => 'none' # hopefully, no longer needed
}

where subX is the subdomain your email cluster is on. Currently this can be found on your Dreamhost panel at Panel > Support > Data Centers

More details can be found on their email client configuration page: https://help.dreamhost.com/hc/en-us/articles/214918038-Email-client-configuration-overview

ReferenceURL : https://stackoverflow.com/questions/4505795/rails-3-opensslsslsslerror-hostname-was-not-match-with-the-server-certific
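
Added example (not part of the original question or answers): the s_client output reports error 18 (self-signed certificate), while Ruby raises a host name mismatch, and these are two separate checks. The sketch below runs both with Ruby's openssl library on constructed certificates that reuse the CN and host name from the question; the helper names `self_signed` and `check_peer` are hypothetical.

```ruby
require 'openssl'

HOST = 'mail.myhostname.com'        # name the mail client connects to
KEY  = OpenSSL::PKey::RSA.new(2048) # throwaway key for the constructed certificates

# Build a constructed self-signed certificate; cn mirrors "/CN=myhostname" above.
def self_signed(cn, san = nil)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = KEY.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  if san
    ef = OpenSSL::X509::ExtensionFactory.new(cert, cert)
    cert.add_extension(ef.create_extension('subjectAltName', san))
  end
  cert.sign(KEY, OpenSSL::Digest.new('SHA256'))
end

# The two independent checks a verifying client makes: chain trust and host name.
def check_peer(cert, host, trusted: [])
  store = OpenSSL::X509::Store.new # empty: no system CAs are loaded
  trusted.each { |c| store.add_cert(c) }
  { chain_ok: store.verify(cert), chain_error: store.error,
    name_ok: OpenSSL::SSL.verify_certificate_identity(cert, host) }
end

OLD_CERT = self_signed('myhostname')                # what the server presents today
NEW_CERT = self_signed('myhostname', "DNS:#{HOST}") # reissued with a matching SAN

# 1. Nothing trusted: the chain fails with error 18 and the name does not match.
p check_peer(OLD_CERT, HOST)
# 2. Certificate pinned as trusted: the chain passes, the host name check still fails.
p check_peer(OLD_CERT, HOST, trusted: [OLD_CERT])
# 3. Reissued certificate, pinned: both checks pass with verification left on.
p check_peer(NEW_CERT, HOST, trusted: [NEW_CERT])
```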
