Zitat von Wallance Hou <[email protected]>:
Currently Does wget new version support or verify SAN/UCC SSL
certificate? If yes, but I tried to install wget 1.13.x, but there
still was issue as below. (gnutls-2.12.14 without p11-kit-1), Please
advie.
[root@xx-linux wget-1.13.4]# wget -v -O xx https://www.verisign.net
--2011-11-23 19:07:54-- https://www.verisign.net/
Resolving www.verisign.net (www.verisign.net)... 69.58.181.89
Connecting to www.verisign.net
(www.verisign.net)|69.58.181.89|:443... connected.
ERROR: The certificate of `www.verisign.net' is not trusted.
ERROR: The certificate of `www.verisign.net' hasn't got a known issuer.
[root@xx-linux wget-1.13.4]#
Hi Wallace,
No idea what SAN/UCC means.
The wget messages look like it did not find the so-called CA
certificates which are needed for the verification of the server
certificates. It it possible that you have a CA-certificates pack on
your Linux (as part of installed SSL/TLS libraries), it is often seen
under a name like ca-bundle.crt or similar. I am not familiar enough
with gnutls (I have my SSL-capable programs usually installed with
OpenSSL) to know if this can be configured to automatically use such a
file, but in any case you can give it to wget with the parameter
--ca-certificate=/path/to/file.
Best Regards,
J.Roderburg
