[rt-users] rt-mailgate problem - certificate verify failure ?
Martin Drasar
drasar at ics.muni.cz
Tue Aug 21 10:11:16 EDT 2012
On 21.8.2012 15:59, Ethier, Michael wrote:
> Hello,
>
>
>
> The rt-mailgate program acts differently between v 3.8.8 and v 4.0.6.
> The v 3.8.8 version works
>
> fine using https, and even when I have v 4.0.6 running with the
> /etc/aliases point to the v 3.8.8 version of rtmailgate, email
>
> get sent to the queue. But the v 4.0.6 version fails with certificate
> verify failed, output from mailq:
>
>
>
> (temporary failure. Command output: An Error Occurred =================
> 500 Can't connect to testrt.rc.fas.harvard.edu:443 (certificate verify
> failed))
>
> rt at testrt.rc.fas.harvard.edu
>
>
>
> Any ideas as to the verification of my RT/ssl setup, on how to fix this
> ? Apparently the RT 4.0.6 is less forgiving about the ssl setup and config.
>
> I ran RT configure with the --enable-ssl-mailgate option and installed
> all perl modules required with “make fixdeps” in RT 4.0.6.
>
>
>
> Thanks,
>
> Mike
>
>
>
> This is in /etc/aliases:
>
> # rt3
>
> rt: "|/opt/rt-3.8.8/bin/rt-mailgate --queue 'General' --action
> correspond --url https://testrt.rc.fas.harvard.edu/"
>
> rt-comment: "|/opt/rt-3.8.8/bin/rt-mailgate --queue 'General' --action
> comment --url https://testrt.rc.fas.harvard.edu/"
>
>
>
> # rt4
>
> #rt: "|/opt/rt4/bin/rt-mailgate --queue 'General' --ca-file
> /etc/pki/tls/certs/ca-bundle.crt --action correspond --url
> https://testrt.rc.fas.harvard.edu/"
>
> #rt-comment: "|/opt/rt4/bin/rt-mailgate --queue 'General' --ca-file
> /etc/pki/tls/certs/ca-bundle.crt --action comment --url
> https://testrt.rc.fas.harvard.edu/"
>
Hi Mike,
add this option to your aliases if you want to bypass certificate
validation: --no-verify-ssl
So your rt entry in /etc/aliases would look like this:
#rt: "|/opt/rt4/bin/rt-mailgate --queue 'General' --ca-file
/etc/pki/tls/certs/ca-bundle.crt --action correspond --url
https://testrt.rc.fas.harvard.edu/ --no-verify-ssl"
Martin
More information about the rt-users
mailing list