Re: wget & certificates
On Thu, 02 Jun 2011 15:22:46 +0200, Kamil Jońca wrote:
> Camaleón <noelamac@gmail.com> writes:
>
>> On Thu, 19 May 2011 07:27:34 +0200, Kamil Jońca wrote:
>>
>>> Validation SSL SGC CA':
>>> Unable to locally verify the issuer's authority.
>>> To connect to www.centrum24.pl insecurely, use
>>> `--no-check-certificate'.
>>
>> Wget cannot validate the CA and thus drops the connection.
>>
>> You can:
>>
>> 1/ Discard "https://" and use plain "http" (unencrypted channel) as
>> suggested (don't do this unless you trust the site you are connecting
>> to)
> I want to use encrypted channel.
Fair enough :-)
Just for testing purposes, what happens when you run this?
wget --no-check-certificate https://www.centrum24.pl/bzwbkonline/eSmart.html?typ=90&lang=pl
(note that should still getting through the encrypted channel)
Moreover, are you getting the same error with another "https://" site?
I.e.: wget https://www.google.com
>> 2/ Install "ca-certificates" package and point wget so it can find it
>> (wget --ca-certificate=/usr/share/ca-certificates/cacert.org/
>> cacert.org.crt ...)
>
> "ca-certificates" were installed earlier. MOreover using
> --ca-certificate option (ie.
>
> --8<---------------cut here---------------start------------->8--- wget
> -v -x
> --ca-certificate=/usr/share/ca-certificates/mozilla/
VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt
> 'https://www.centrum24.pl/bzwbkonline/eSmart.html?typ=90&lang=pl'
> --8<---------------cut here---------------end--------------->8---
> doesn't change wget's behavior; still wants to open
> "/usr/lib/ssl/certs/415660c1.?" )
Why are you pointing to that cert specifically? :-?
> Moreover i noticed that fetchmail on one of my accounts shows the same -
> cannot validate CA :(
That's weird.
Greetings,
--
Camaleón
Reply to: