Login/Register
How to use wget with ssl certificate
Asked Answered
sslcertificatewgettrustedconnection
A

3

27

I am using wget in my program to get some file using HTTP protocol. Here i need to set security so we moved HTTP protocol to HTTPS.

After changing to HTTPS how to perform wget. I mean how to make trusted connection between two machines then perform wget.

I want to make sure that wget can be performed from certain system only.

Anglaangle answered 9/3, 2014 at 12:11 Comment(0)
T
26

Step 1: SSL Certificates

First things first, if this machine is on the internet and the SSL certificate is signed by a trusted source, there is no need to specify a certificate.

However, if there is a self signed certificate involved things get a little more interesting.

For example:

  • if this machine uses a self signed certificate, or
  • if you are on a network with a proxy that re-encrypts all https connections

Then you need to trust the public key of the self signed certificate. You will need to export the public key as a .CER file. How you got the SSL certificate will determine how you get the public key as a .CER

Once you have the .CER then...

Step 2: Trust the Certificate

I suggest two options:

option one

wget --ca-certificate={the_cert_file_path} https://www.google.com

option two

set the option on ~/.wgetrc

ca_certificate={the_cert_file_path}

Additional resources

Trefler answered 23/5, 2018 at 17:25 Comment(0)
W
6

macOS users can use the cert.pem file:

wget --ca-certificate=/etc/ssl/cert.pem

or set in your ~/.wgetrc:

ca_certificate = /etc/ssl/cert.pem
Wilhelminawilhelmine answered 23/12, 2019 at 17:3 Comment(2)
According to this page, if using a ~/.wgetrc file, the setting is named ca_certificate (with an underscore), not ca-certificate (with a hyphen)Higherup
@Higherup Oddly I think ca-certificate worked for me, but I'll edit the post since that's what's in the documentation!Wilhelminawilhelmine
C
2

On Linux (at least on my Debian and Ubuntu distributions), you can do the following to install your cert to be trusted system-wide.

Assuming your certificate is ~/tmp/foo.pem, do the following:

Install the ca-certificates package, if it is not already present, then do the following to install foo.pem:

$ cd ~/tmp
$ chmod 444 foo.pem
$ sudo cp foo.pem /usr/local/share/ca-certificates/foo.crt
$ sudo update-ca-certificates

Once this is done, most apps (including wget, Python and others) should automatically use it when it is required by the remote site.

The only exception to this I've found has been the Firefox web browser. It has its own private store of certificates, so you need to manually install the cert via its Settings interface if you require it there.

At least this has always worked for me (to install a corporate certificate needed for Internet access into the Linux VMs I create).

Crenelate answered 13/9, 2022 at 18:21 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.