Thanks for the suggestions, guys. I finally just turned off my re-write rule that was re-directing http to https and side-stepped the rt-mailgate ssl failure altogether. Not ideal, but in practice very few of my users log into RT directly so it's a configuration I can live with short term while I figure out the real issue.

I've configured postfix to hand messages to the aliases for my queues directly to rt-mailgate. It is rt-mailgate that cannot verify the ssl certificate that my web server is presenting it. None of my web browsers have trouble with it, so it feels like an rt-mailgate configuration issue. I can repro the issue on the command line....

root@linux:~# /opt/rt4/bin/rt-mailgate --debug --queue 'general' --action correspond --url https://request.domain.com/ < ~/test.msg
/opt/rt4/bin/rt-mailgate: temp file is '/tmp/XOCrOYAr8p/vkVDTmoszI'
/opt/rt4/bin/rt-mailgate: connecting to https://request.domain.com//REST/1.0/NoAuth/mail-gateway
An Error Occurred
=================

500 Can't connect to request.domain.com:443 (certificate verify failed)
/opt/rt4/bin/rt-mailgate: undefined server error

-Rob

On Mon, Jan 9, 2012 at 4:08 PM, Izz Abdullah <izz.abdul...@hibbett.com> wrote:

> And if that doesn't work, since I have a certificate with a domain name
> (although signed by our internal CA which all of our PCs trust), I had to
> put in below where Mauricio put in https://localhost, I actually needed
> to use my dns name in which the certificate is assigned (e.g. https://MyRT)
>
> My $0.02 worth as well. :)
>
> -----Original Message-----
> From: rt-users-boun...@lists.bestpractical.com [mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Mauricio Tavares
> Sent: Monday, January 09, 2012 4:02 PM
> To: rt-users@lists.bestpractical.com
> Subject: Re: [rt-users] rt-mailgate
>
> On Mon, Jan 9, 2012 at 1:34 PM, Robert Nesius <nes...@gmail.com> wrote:
> > I made a recent change to how my apache2 server was configured to
> > redirect all requests through https. Now emails are not flowing
> > through to RT - I tracked the issue down to rt-mailgate complaining
> > about not being able to verify the certificate. I'm a little
> > perplexed on how to proceed or how to verify what certs/CAs
> > rt-mailgate is using, or if there is an issue with the Crypt::SSLeay
> > module (which I had to force install due to a failing test).
> > I only have one openssl install on the system, and I thought
> > Crypt::SSLeay would reach through to those configs for things like CA
> > certs, etc...
> >
> > Perhaps an easy workaround, since the mail server and apache2 server
> > are on the same machine, would be to configure a "localhost:80"
> > virtual host within
> > apache2 and bypass SSL when accessing RT via that url.
> >
> > Any helpful hints/suggestions would be greatly appreciated. I've
> > been google-ing away but haven't had any luck yet.
> >
> AFAIK, rt-mailgate connects to RT using RT's web interface; it should
> use whatever cert you have defined in the virtual host entry for RT. Here
> is how my fetchmailrc calls rt-mailgate:
>
> mda "/usr/bin/perl /usr/bin/rt-mailgate --url https://localhost/rt \
> --queue support --action correspond"
>
> > -Rob
> >
> > --------
> > RT Training Sessions (http://bestpractical.com/services/training.html)
> > * Boston - March 5 & 6, 2012
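
An offline reproduction of the two conditions raised in this thread (a signing CA that the client's trust store does not contain, and a URL hostname that differs from the name in the certificate), added here as an example and not posted by any participant. The CAs, keys and certificate are constructed test material and only the hostname request.domain.com comes from the thread; the thread does not establish which condition, if either, caused the failure reported above.

```shell
#!/bin/sh
# Constructed, offline test: nothing here contacts a real server.
# All keys, CAs and certificates below are throwaway test material.
set -u
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

make_ca() {   # make_ca <name>: self-signed test CA in $WORK/<name>.pem
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
    -subj "/CN=constructed $1 CA" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

issue_cert() {  # issue_cert <ca> <hostname>: server cert signed by <ca>
  printf 'subjectAltName=DNS:%s\n' "$2" > "$WORK/ext"
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/srv.key" -out "$WORK/srv.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/srv.csr" -days 2 -extfile "$WORK/ext" \
    -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" -CAcreateserial \
    -out "$WORK/srv.pem" 2>/dev/null
}

# client_accepts <trusted-ca> <url-hostname>
# Prints "ok" only if the chain ends at <trusted-ca> AND the certificate
# names <url-hostname>; otherwise prints "verify failed".
client_accepts() {
  if openssl verify -CAfile "$WORK/$1.pem" -verify_hostname "$2" \
       "$WORK/srv.pem" >/dev/null 2>&1; then
    echo ok
  else
    echo "verify failed"
  fi
}

make_ca internal    # stands in for the CA that signed the server cert
make_ca other       # stands in for a trust store lacking that CA
issue_cert internal request.domain.com

echo "CA trusted, URL host matches cert: $(client_accepts internal request.domain.com)"
echo "CA missing from client store:      $(client_accepts other request.domain.com)"
echo "CA trusted, URL says localhost:    $(client_accepts internal localhost)"
```

Both failing cases surface to the caller as the same generic verification failure, so each condition has to be checked separately against the trust store the command-line client actually uses.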