如何将 Zend_Mail_Transport_Smtp 与 tls 和自签名证书一起使用?
我正在使用 SMTP
传输。我想使用 TLS
但我的主机有自签名证书。
在这种情况下可以使用TLS
吗?
I'm using SMTP
transport. I would like to use TLS
but my hosting has self-signed certificate.
It is possible to use TLS
in such situation?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
TLS 本身没有证书是否自签名的概念。当您启动 TLS 连接(通过连接到特定端口或通过 STARTTLS)时,服务器和客户端将协商 TLS 连接。
作为 TLS 协商的一部分,由客户端和服务器决定它们提供的证书是否有效。如果证书是自签名的,则客户端(我假设您是服务器)可能会拒绝该证书,因为它不是由已知的 CA 颁发的,或者它可能会接受它。
因此,可以将 TLS 与自签名证书结合使用(我们就是这样做的),但客户端也有可能拒绝连接,因为它无法验证证书。如果您完全控制客户端(您在这里所做的),您当然可以帮助做到这一点并确保您始终接受您的主机证书。
TLS itself has no concept of the certificate being self signed or not. When you initiate a TLS connection (either by connecting to a specific port or via STARTTLS) the server and client negotiate the TLS connection.
As part of the TLS negotiation it is up to the client and server to decide whether the certificate that they're presented is valid or not. If the certificate is self signed it's possible that the client (I'm assuming you're the server) may reject the certificate because it's not issued by a known CA or it might accept it.
It's therefore possible to use TLS with self signed certificates (we do it) but it's also possible that a client could reject the connection because it cannot verify the certificate. If you full have control of the clients (which you do here) you can of course aid this and ensure you always accept your hosts certificate.