On Wed, Aug 06, 2014 at 09:44:40PM +0000, Richards, Matthew E ERDC-RDE-CERL-IL wrote: > > If you're going to the localhost, I'm not actually sure why you're > > involving SSL, but that's a separate issue. > > Actually, that was the issue. You're right, there's no need to use SSL > with localhost. We have a rewrite from 80 to 443 for all interfaces > and it always forces us to use https. I guess we could have created a > non-SSL site just for localhost. The DoD has its own root CA that we > added in a ca_file, but I think it's very slow and was causing the > timeouts. I changed the rt-mailgate get_useragent to "$ua- > >ssl_opts(SSL_verify_mode => 'SSL_VERIFY_NONE');" and that solved the > issue. It's a temporary fix until we create a locahost:80 binding. I > don't like maintaining custom source. Thanks for all the help.
If you don't want to verify, why not just use the flag? $ ./bin/rt-mailgate --help | grep verify "--ca-file" or "--no-verify-ssl", below. authority that should be used to verify the website's SSL certificate. preferentially use this option over "--no-verify-ssl", as it will "--no-verify-ssl" -kevin
pgpEGC686EGKR.pgp
Description: PGP signature
-- RT Training - Boston, September 9-10 http://bestpractical.com/training