Sorry, left out the -CApath flag, and this is just for illustration: root@xxx:/var/www/servers# openssl verify -CApath /etc/ssl/certs/ /usr/share/ca-certificates/mozilla/DST_ACES_CA_X6.crt /usr/share/ca-certificates/mozilla/DST_ACES_CA_X6.crt: OK
-----Original Message----- From: rt-users-boun...@lists.bestpractical.com [mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Izz Abdullah Sent: Wednesday, January 11, 2012 1:14 PM To: rt-users@lists.bestpractical.com Subject: Re: [rt-users] rt-mailgate Have you guys checked to ensure the linux box itself, I presume it is linux, acknowledges the validity of the certificate? (usually something like: # openssl verify /etc/ssl/certs/ <certificate_to_verify> Just a quick openssl thought. -----Original Message----- From: rt-users-boun...@lists.bestpractical.com [mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Mark Story Sent: Wednesday, January 11, 2012 1:04 PM To: rt-users@lists.bestpractical.com Subject: Re: [rt-users] rt-mailgate Hello, I've had the same issues and am only now getting around to figuring it out. Everything works fine in browser, but not thru rt-mailgate. Every other service that uses the SSL keys are working; puzzled. If I find something worthy of note, I'll post it. --Mark > Thanks for the suggestions guys. > > I finally just turned off my re-write rule that was re-directing http > to https and side-stepped the rt-mailgate ssl failure all together. > Not ideal, but in practice very few of my users log into RT directly > so it's a configuration I can live with short term while I figure out > the real issue. > > I've configured postfix to hand messages to the aliases for my queues > directly to rt-mailgate. It is rt-mailgate that cannot verify the ssl > certificate that my web server is presenting it. None of my web > browsers have trouble with it, so it feels like an rt-mailgate > configuration issue. I can repro the issue on the command line.... > -------- RT Training Sessions (http://bestpractical.com/services/training.html) * Boston March 5 & 6, 2012 -------- RT Training Sessions (http://bestpractical.com/services/training.html) * Boston March 5 & 6, 2012 -------- RT Training Sessions (http://bestpractical.com/services/training.html) * Boston March 5 & 6, 2012