Rails 3: OpenSSL::SSL::SSLError: hostname was not match with the server certificate

ruby-on-rails ruby-on-rails-3 openssl ssl-certificate
JP Silvashy picture JP Silvashy · Dec 22, 2010 · Viewed 32.7k times · Source

When trying to deliver an email via console I receive this error:

OpenSSL::SSL::SSLError: hostname was not match with the server certificate

The thing is I really don't know much about certificates and such, or really how to get started troubleshooting this, I tried to do some investigation with openssl and here is the certificate that is returned.

I don't know if its a problem with Postfix which is running on the server, or my rails app, any help or clues is really appreciated.

~% openssl s_client -connect mail.myhostname.com:25 -starttls smtp
CONNECTED(00000003)
depth=0 /CN=myhostname
verify error:num=18:self signed certificate
verify return:1
depth=0 /CN=myhostname
verify return:1
---
Certificate chain
 0 s:/CN=myhostname
   i:/CN=myhostname
---
Server certificate
-----BEGIN CERTIFICATE-----
[...redacted...]
-----END CERTIFICATE-----
subject=/CN=myhostname
issuer=/CN=myhostname
---
No client certificate CA names sent
---
SSL handshake has read 1203 bytes and written 360 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: 1AA4B8BFAAA85DA9ED4755194C50311670E57C35B8C51F9C2749936DA11918E4
    Session-ID-ctx: 
    Master-Key: 9B432F1DE9F3580DCC6208C76F96631DC5A4BC517BDBADD5F514414DCF34AC526C30687B96C5C4742E9583555A118232
    Key-Arg   : None
    Start Time: 1292985376
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
250 DSN

Answer

Bozhidar Batsov picture Bozhidar Batsov · Nov 8, 2012

An infinitely better solution (in terms of security that is) than the accepted answer would be:

ActionMailer::Base.smtp_settings = {
  :address              => "mail.foo.com",
  :port                 => 587,
  :domain               => "foo.com",
  :user_name            => "[email protected]",
  :password             => "foofoo",
  :authentication       => "plain",
  :enable_starttls_auto => true,
  :openssl_verify_mode  => 'none'
}

This way you'll still be using encryption, but the validation of the certificate would be disabled (and you won't be getting any errors).

Related questions

Rails 3 - no such file to load -- openssl

when running a Rails server, I get the following error: no such file to load -- openssl I try a solution I find online. I go to ~/.rvm/src/ruby-1.9.2-head/ext/openssl. I type : ruby extconf.rb, but I …

Read More
How to get a random number in Ruby

How do I generate a random number between 0 and n?

Read More
Rails: How can I rename a database column in a Ruby on Rails migration?

I wrongly named a column hased_password instead of hashed_password. How do I update the database schema, using migration to rename this column?

Read More