Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to use wget with ssl certificate

Tags:

certificate

ssl

wget

trustedconnection

I am using wget in my program to get some file using HTTP protocol. Here i need to set security so we moved HTTP protocol to HTTPS.

After changing to HTTPS how to perform wget. I mean how to make trusted connection between two machines then perform wget.

I want to make sure that wget can be performed from certain system only.

like image 602
Siva Gnanam Avatar asked Mar 09 '14 12:03

Siva Gnanam

People also ask

Does wget use SSL?

To support encrypted HTTP (HTTPS) downloads, Wget must be compiled with an external SSL library. The current default is GnuTLS. In addition, Wget also supports HSTS (HTTP Strict Transport Security). If Wget is compiled without SSL support, none of these options are available.

Does wget verify certificate?

wget - Linux From Scratch 11 can not verify any SSL certificates - Unix & Linux Stack Exchange. Stack Overflow for Teams – Start collaborating and sharing organizational knowledge.

Does wget use HTTP or https?

With Wget, you can download files using HTTP, HTTPS, and FTP protocols. Wget provides a number of options allowing you to download multiple files, resume downloads, limit the bandwidth, recursive downloads, download in the background, mirror a website, and much more.

What is wget -- no check certificate?

wget(1) --no-check-certificate. The non-interactive network downloader. --no-check-certificate Don't check the server certificate against the available certificate authorities. Also don't require the URL host name to match the common name presented by the certificate.

2 Answers

Step 1: SSL Certificates

First things first, if this machine is on the internet and the SSL certificate is signed by a trusted source, there is no need to specify a certificate.

However, if there is a self signed certificate involved things get a little more interesting.

For example:

  • if this machine uses a self signed certificate, or
  • if you are on a network with a proxy that re-encrypts all https connections

Then you need to trust the public key of the self signed certificate. You will need to export the public key as a .CER file. How you got the SSL certificate will determine how you get the public key as a .CER

Once you have the .CER then...

Step 2: Trust the Certificate

I suggest two options:

option one

wget --ca-certificate={the_cert_file_path} https://www.google.com

option two

set the option on ~/.wgetrc

ca_certificate={the_cert_file_path}

Additional resources

  • Blog post about this wget and ssl certificates
  • wget manual
like image 71
Aaron C Avatar answered Oct 22 '22 06:10

Aaron C

macOS users can use the cert.pem file:

wget --ca-certificate=/etc/ssl/cert.pem

or set in your ~/.wgetrc:

ca_certificate = /etc/ssl/cert.pem
like image 26
Demitri Avatar answered Oct 22 '22 05:10

Demitri
Sign in to Comment

Related questions

Reading PEM public key into iOS
Android DownloadManager and SSL (https)
How can i proxy to SSL backend without specifiyng cert files?
C# Visual Studio 2015: IWebProxy certificate validation
How to programmatically add certificates to a truststore and use that also for verifying server authentication
Configure HostnameVerifier with reactor netty for spring-webflux WebClient
How to call the default certificate check when overriding ServicePointManager.ServerCertificateValidationCallback in C#?
WebSocket connection to failed ERR_SSL_PROTOCOL_ERROR
AFNetworking problems with TLS Verification of a self signed server root CA
WebSocket connection fails on Chrome without SSL
How to cancel a persistent connection using NSURLConnection?
jsse handshake_failure on public https web site
Generating client side certificates in browser and signing on server
.NET https requests with different security protocols across threads
Google App Engine SSL error "DNS records could not be found" even though custom domain is working
Check in JavaScript if an SSL Certificate is valid
Tomcat HTTPS keystore certificate
Qt & SSL, Handshake failed
Comodo SSL: ERR_CERT_AUTHORITY_INVALID on Chrome mobile and Opera mobile (Android)
ERROR bad Request-Line - Force ssl - rails

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!