[rt-users] New cert breaks mailgate

Mitch Kyser mkyser at albion.edu
Tue Feb 3 16:27:02 EST 2015


Hi Tim

Thanks for the response. We tried that and could not get it to work
either.  Turns out our CA is pretty old and still running on a 2003 box.

We were going to roll out RT to our staff first who all use domain machines
that include our root CA cert already.  The web portion worked fine.  We
were going to let our students eventually start sending requests and
planned to get a commercial cert.  This just pushed the time up a few
months.  So now we have a new project, upgrade our CA.

On Tue, Feb 3, 2015 at 3:26 PM, Tim Wiley <tim at marchex.com> wrote:

> On 02/03/2015 12:09 PM, mkyser wrote:
>
>> Well we finally figured out that the mailgate did not like our local CA.
>> Went and bought a Thawte cert for RT and now everything is working as it
>> should.  The lesson here is spend the money and get a real cert!
>>
>
> I wish I had gotten to this earlier.  There's a better option in
> rt-mailgate.  What we've done is add --ca-file to the rt-mailgate command
> in our postfix aliases.
>
> my-queue-address: "|/path/to/rt/bin/rt-mailgate --queue 'My Queue'
> --action correspond --ca-file /path/to/your/root.crt --url
> https://rt.example.com"
>
> This of course means that you have to ship your root CA certificate with
> the application, but that shouldn't be a big deal.
>



-- 
Mitch Kyser
Network Administrator
Albion.College
mkyser at albion.edu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20150203/5d936740/attachment.html>


More information about the rt-users mailing list