[rt-users] rt-mailgate problem - certificate verify failure ?

Martin Drasar drasar at ics.muni.cz
Tue Aug 21 10:11:16 EDT 2012


On 21.8.2012 15:59, Ethier, Michael wrote:
> Hello,
> 
>  
> 
> The rt-mailgate program acts differently between v 3.8.8 and v 4.0.6.
> The v 3.8.8 version works
> 
> fine using https, and even when I have v 4.0.6 running with the
> /etc/aliases point to the v 3.8.8 version of rtmailgate, email
> 
> get sent to the queue. But the v 4.0.6 version fails with certificate
> verify failed, output from mailq:
> 
>  
> 
> (temporary failure. Command output: An Error Occurred ================= 
> 500 Can't connect to testrt.rc.fas.harvard.edu:443 (certificate verify
> failed))
> 
>                                          rt at testrt.rc.fas.harvard.edu
> 
>  
> 
> Any ideas as to the verification of my RT/ssl setup,  on how to fix this
> ? Apparently the RT 4.0.6 is less forgiving about the ssl setup and config.
> 
> I ran RT configure with the --enable-ssl-mailgate option and installed
> all perl modules required with “make fixdeps” in RT 4.0.6.
> 
>  
> 
> Thanks,
> 
> Mike
> 
>  
> 
> This is in /etc/aliases:
> 
> # rt3
> 
> rt: "|/opt/rt-3.8.8/bin/rt-mailgate --queue 'General' --action
> correspond --url https://testrt.rc.fas.harvard.edu/"
> 
> rt-comment: "|/opt/rt-3.8.8/bin/rt-mailgate --queue 'General' --action
> comment --url https://testrt.rc.fas.harvard.edu/"
> 
>  
> 
> # rt4
> 
> #rt: "|/opt/rt4/bin/rt-mailgate --queue 'General' --ca-file
> /etc/pki/tls/certs/ca-bundle.crt --action correspond --url
> https://testrt.rc.fas.harvard.edu/"
> 
> #rt-comment: "|/opt/rt4/bin/rt-mailgate --queue 'General' --ca-file
> /etc/pki/tls/certs/ca-bundle.crt --action comment --url
> https://testrt.rc.fas.harvard.edu/"
> 

Hi Mike,

add this option to your aliases if you want to bypass certificate
validation: --no-verify-ssl

So your rt entry in /etc/aliases would look like this:

#rt: "|/opt/rt4/bin/rt-mailgate --queue 'General' --ca-file
/etc/pki/tls/certs/ca-bundle.crt --action correspond --url
https://testrt.rc.fas.harvard.edu/ --no-verify-ssl"

Martin



More information about the rt-users mailing list