Thanks for the suggestions guys.
I finally just turned off my re-write rule that was re-directing http to
https and side-stepped the rt-mailgate ssl failure all together. Not
ideal, but in practice very few of my users log into RT directly so it's a
configuration I can live with short term while I figure out the real issue.
I've configured postfix to hand messages to the aliases for my queues
directly to rt-mailgate. It is rt-mailgate that cannot verify the ssl
certificate that my web server is presenting it. None of my web browsers
have trouble with it, so it feels like an rt-mailgate configuration issue.
I can repro the issue on the command line
root@linux:~# /opt/rt4/bin/rt-mailgate --debug --queue 'general' --action
correspond --url https://request.domain.com/ ~/test.msg
/opt/rt4/bin/rt-mailgate: temp file is '/tmp/XOCrOYAr8p/vkVDTmoszI'
/opt/rt4/bin/rt-mailgate: connecting to
https://request.domain.com//REST/1.0/NoAuth/mail-gateway
An Error Occurred
=
500 Can't connect to
request.domain.com:443 (certificate
verify failed)
/opt/rt4/bin/rt-mailgate: undefined server error
-Rob
On Mon, Jan 9, 2012 at 4:08 PM, Izz Abdullah izz.abdul...@hibbett.comwrote:
And if that doesn't work, since I have a certificate with a domain name
(although signed by our internal CA which all of our PCs trust), I had to
put in below where Mauricio put in https://localhost, I actually needed
to use my dns name in which the certificate is assigned (e.g. https://MyRT
)
My $0.02 worth as well. :)
-Original Message-
From: rt-users-boun...@lists.bestpractical.com [mailto:
rt-users-boun...@lists.bestpractical.com] On Behalf Of Mauricio Tavares
Sent: Monday, January 09, 2012 4:02 PM
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] rt-mailgate
On Mon, Jan 9, 2012 at 1:34 PM, Robert Nesius nes...@gmail.com wrote:
I made a recently change to how my apache2 server was configured to
redirect all requests through https. Now emails are not flowing
through to RT - I tracked the issue down to rt-mailgate complaining
about not being able to verify the certificate. I'm a little
perplexed on how to proceed or how to verify what certs/CAs
rt-mailgate is using, or if there is an issue with the Crypt::SSLeay
module (which I had to force install due to a failing test).
I only have one openssl install on the system, and I thought
Crypt::SSLeay would reach through to those configs for things like CA
certs, etc...
Perhaps an easy workaround, since the mail server and apache2 server
are on the same machine, would be to configure a localhost:80
virtual host within
apache2 and bypass SSL when accessing RT via that url.
Any helpful hints/suggestions would be greatly appreciated. I've
been google-ing away but haven't had any luck yet.
AFAIK, rt-mailgate connects to RT using RT's web interface; it should
use whatever cert you have defined in the virtual host entry for RT. Here
is how my fetchmailrc calls rt-mailgate:
mda /usr/bin/perl /usr/bin/rt-mailgate --url https://localhost/rt \
--queue support --action correspond
-Rob
RT Training Sessions (http://bestpractical.com/services/training.html)
* Boston - March 5 6, 2012
RT Training Sessions (http://bestpractical.com/services/training.html)
* Boston March 5 6, 2012
RT Training Sessions (http://bestpractical.com/services/training.html)
* Boston March 5 6, 2012
RT Training Sessions (http://bestpractical.com/services/training.html)
* Boston March 5 6, 2012
