On 21.8.2012 15:59, Ethier, Michael wrote: > Hello, > > > > The rt-mailgate program acts differently between v 3.8.8 and v 4.0.6. > The v 3.8.8 version works > > fine using https, and even when I have v 4.0.6 running with the > /etc/aliases point to the v 3.8.8 version of rtmailgate, email > > get sent to the queue. But the v 4.0.6 version fails with certificate > verify failed, output from mailq: > > > > (temporary failure. Command output: An Error Occurred ================= > 500 Can't connect to testrt.rc.fas.harvard.edu:443 (certificate verify > failed)) > > r...@testrt.rc.fas.harvard.edu > > > > Any ideas as to the verification of my RT/ssl setup, on how to fix this > ? Apparently the RT 4.0.6 is less forgiving about the ssl setup and config. > > I ran RT configure with the --enable-ssl-mailgate option and installed > all perl modules required with “make fixdeps” in RT 4.0.6. > > > > Thanks, > > Mike > > > > This is in /etc/aliases: > > # rt3 > > rt: "|/opt/rt-3.8.8/bin/rt-mailgate --queue 'General' --action > correspond --url https://testrt.rc.fas.harvard.edu/" > > rt-comment: "|/opt/rt-3.8.8/bin/rt-mailgate --queue 'General' --action > comment --url https://testrt.rc.fas.harvard.edu/" > > > > # rt4 > > #rt: "|/opt/rt4/bin/rt-mailgate --queue 'General' --ca-file > /etc/pki/tls/certs/ca-bundle.crt --action correspond --url > https://testrt.rc.fas.harvard.edu/" > > #rt-comment: "|/opt/rt4/bin/rt-mailgate --queue 'General' --ca-file > /etc/pki/tls/certs/ca-bundle.crt --action comment --url > https://testrt.rc.fas.harvard.edu/" >
Hi Mike, add this option to your aliases if you want to bypass certificate validation: --no-verify-ssl So your rt entry in /etc/aliases would look like this: #rt: "|/opt/rt4/bin/rt-mailgate --queue 'General' --ca-file /etc/pki/tls/certs/ca-bundle.crt --action correspond --url https://testrt.rc.fas.harvard.edu/ --no-verify-ssl" Martin