[英]Why Nodemailer does not securely connect to my server running on a shared host
I need to secure the connexion between my node app and my mail server (running on a shared hosting).我需要保护我的节点应用程序和我的邮件服务器(在共享主机上运行)之间的连接。 I use Nodemailer configured like this:我使用这样配置的 Nodemailer:
{
transport: {
// Is this where I am not sure
key: [ readFileSync(__dirname + '/../../../../cert.pem') ],
host: mail.my.domain,
auth: {
user: USER,
pass: PWD
}
}
}
When I try to send an email I end up with this error:当我尝试发送 email 时,我最终遇到了这个错误:
Hostname/IP does not match certificate's altnames: Host: mail.my.domain. is not in the cert's altnames: DNS:xxx.planethoster.net, DNS:xxx.xxx.planethoster.net
I read everywhere that I should use rejectUnauthorized: true
to by pass this issue and it works.我到处读到我应该使用rejectUnauthorized: true
来绕过这个问题并且它有效。 But it is not an option to let this connexion ensecure.但是,让这种连接得到保障并不是一种选择。
The cert.pem
loaded was the private ~/ssl/keys/XXXX.key
of my mail server renamed with the .pem
extension.加载的cert.pem
是我的邮件服务器的私有~/ssl/keys/XXXX.key
使用.pem
扩展名重命名。 I am not very confortable with certificate/keys stuff but I know that the running SSL certificate on my server is a valid one.我对证书/密钥的东西不太满意,但我知道在我的服务器上运行的 SSL 证书是有效的。
So, I have doubt about the files I renamed and gave to Nodemailer.所以,我怀疑我重命名并提供给 Nodemailer 的文件。
Planethoster support helped me to understand what was going wrong. Planethoster 支持帮助我了解出了什么问题。 I wan't to let this here as I think I won't be the only one to use share hosting for mailing.我不想让这个在这里,因为我认为我不会是唯一一个使用共享托管进行邮件的人。
In fact, my mail server is on a shared hosting at Planethoster.事实上,我的邮件服务器位于 Planethoster 的共享主机上。 Thus, the certificate is only for the hosting machine name.因此,证书仅适用于主机名称。 Here it is world-346.fr.planethoster.net
这里是world-346.fr.planethoster.net
So I resolved the problem by setting my configuration like this:所以我通过这样设置我的配置解决了这个问题:
{
transport: {
// Removed the unecessary cert loading
// key: [ readFileSync(__dirname + '/../../../../cert.pem') ],
host: world-346.fr.planethoster.net, // The host is now the shared machine
auth: {
user: USER,
pass: PWD
}
}
}
The host machine is now OK with the given hostname as it is included in its certificate.主机现在可以使用给定的主机名,因为它包含在其证书中。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.