Node-RED和nodemailer - 错误：无法验证第一个证书

Question

I am trying to make something very basic work and it just isn't working for me. I have a simple Node-RED flow with an inject input node and an email output node:

The properties of the email node look like this:

The error says:

"7/28/2017, 11:43:28 AM node: fname.lname@company.com msg : error "Error: unable to verify the first certificate"

I am able to manually send unauthenticated email through this server via telnet. Even if I enter account creds it gives me the same "Error: unable to verify the first certificate".

Am I missing something simple?

Answer 1

I don't have enough reputation to write a comment, but i am adding this line for the previous reply, somebody might need it,

to bypass this error in Node.js program, type:

process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0";

Answer 2

The problem is that the mail server you are connecting to is using SSL and the certificate it is supplying is not signed by one of the trusted CA's built into the Node.JS implementation you are using.

I'm guessing it's a self signed certificate.

The Error says that Node.JS can not verify the first certificate in the presented chain.

My best guess is that Nodemailer (which is used under the covers by the email node) is seeing the STARTTLS option listed when it sends the EHLO command as it starts the connection to the mail server and is trying to upgrade the connection to one that is secure.

While I really wouldn't normally recommend this, you can turn off Node.JS's cert checking by exporting the following environment variable before starting Node-RED:

NODE_TLS_REJECT_UNAUTHORIZED=0

This turns off ALL certificate checking, so you are open to man in the middle attacks for any TLS/SSL connection made from Node-RED.

The real solution here is to get a proper certificate for the mail server, maybe something from the letsencrypt project especially if this mail server is internet facing in any way.