Hi Martin, Thanks for the suggestion but if I enable --no-ssl I will be creating a security vulnerability no ?
Thanks, Mike -----Original Message----- From: rt-users-boun...@lists.bestpractical.com [mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Martin Drasar Sent: Tuesday, August 21, 2012 10:11 AM To: rt-users@lists.bestpractical.com Subject: Re: [rt-users] rt-mailgate problem - certificate verify failure ? On 21.8.2012 15:59, Ethier, Michael wrote: > Hello, > > > > The rt-mailgate program acts differently between v 3.8.8 and v 4.0.6. > The v 3.8.8 version works > > fine using https, and even when I have v 4.0.6 running with the > /etc/aliases point to the v 3.8.8 version of rtmailgate, email > > get sent to the queue. But the v 4.0.6 version fails with certificate > verify failed, output from mailq: > > > > (temporary failure. Command output: An Error Occurred > ================= > 500 Can't connect to testrt.rc.fas.harvard.edu:443 (certificate verify > failed)) > > r...@testrt.rc.fas.harvard.edu > > > > Any ideas as to the verification of my RT/ssl setup, on how to fix > this ? Apparently the RT 4.0.6 is less forgiving about the ssl setup and > config. > > I ran RT configure with the --enable-ssl-mailgate option and installed > all perl modules required with "make fixdeps" in RT 4.0.6. > > > > Thanks, > > Mike > > > > This is in /etc/aliases: > > # rt3 > > rt: "|/opt/rt-3.8.8/bin/rt-mailgate --queue 'General' --action > correspond --url https://testrt.rc.fas.harvard.edu/" > > rt-comment: "|/opt/rt-3.8.8/bin/rt-mailgate --queue 'General' --action > comment --url https://testrt.rc.fas.harvard.edu/" > > > > # rt4 > > #rt: "|/opt/rt4/bin/rt-mailgate --queue 'General' --ca-file > /etc/pki/tls/certs/ca-bundle.crt --action correspond --url > https://testrt.rc.fas.harvard.edu/" > > #rt-comment: "|/opt/rt4/bin/rt-mailgate --queue 'General' --ca-file > /etc/pki/tls/certs/ca-bundle.crt --action comment --url > https://testrt.rc.fas.harvard.edu/" > Hi Mike, add this option to your aliases if you want to bypass certificate validation: --no-verify-ssl So your rt entry in /etc/aliases would look like this: #rt: "|/opt/rt4/bin/rt-mailgate --queue 'General' --ca-file /etc/pki/tls/certs/ca-bundle.crt --action correspond --url https://testrt.rc.fas.harvard.edu/ --no-verify-ssl" Martin