[SOLVED] Jessie wget: certificate not trusted, was: Jessie iceweasel: This Connection is Untrusted
Hi,
mett wrote:
> the final solution is:
> -disable the certs with an ! before the cert name
> (vi /etc/ca-certificates.conf: !DST_Root_CA_X3.crt)
> -then, rebuild the cert directory (update-ca-certificates --fresh)
Indeed this brought success with wget on the Debian 8 machine.
$ wget https://lists.debian.org
...
2021-10-04 11:48:12 (7.34 MB/s) - ‘index.html’ saved [7533/7533]
$
I copied
/usr/share/ca-certificates
/etc/ca-certificates.conf
/etc/ssl/certs
from the Debian 10 machine (dist-upgraded last week) to the Debian 8.
But with or without a run of
update-ca-certificates --fresh
wget did not work.
The proposal of mett finally got wget to download lists.debian.org with
certificate check enabled.
Now i am puzzled why this operation is not necessary on Debian 10 from
where the file /etc/ca-certificates.conf was copied.
The entry is in /etc/ca-certificates.conf,
DST_Root_CA_X3.crt exists in /usr/share/ca-certificates,
the link DST_Root_CA_X3.pem exists in /etc/ssl/certs.
Nevertheless wget works on my Debian 10 with https://lists.debian.org.
> -then, restart your servers.
I am not aware of any servers on the Debian 8 machine which would have to
do with certificates. I had not to restart anything after
update-ca-certificates --fresh
wget worked immediately after.
Do SSL clients depend on a local service ?
Have a nice day :)
Thomas
Reply to: