Ok, Still Many thanks for your kind reply. :) What a big Headache with SAN/UCC!!!
Best Regards Wallance hou Bleum Incorporated Wallance Hou Network Engineer Email: [email protected] Cloud-9 Mansion 19F Tel: 86-21-62821122 1118 West Yan'an Road. Shanghai, P.R.C. 200052 This email may contain confidential information and/or copyright material. This email and any attachments are solely for the intended recipient. If you are not the intended recipient, disclosure, copying, use or distribution of the information included in this message may be unlawful. please advise the sender immediately by using the reply facility in your email software, and immediately and permanently delete. Thank you for your cooperation. -----Original Message----- From: Jochen Roderburg [mailto:[email protected]] Sent: Friday, November 25, 2011 5:23 AM To: Wallance Hou Cc: [email protected] Subject: RE: [Bug-wget] wget feature request: support for SAN/UCC SSL Certs RFC 3280 part 4.2.1.7 Zitat von Wallance Hou <[email protected]>: > Currently Does wget new version support or verify SAN/UCC SSL > certificate? If yes, but I tried to install wget 1.13.x, but there > still was issue as below. (gnutls-2.12.14 without p11-kit-1), Please > advie. > > [root@xx-linux wget-1.13.4]# wget -v -O xx https://www.verisign.net > --2011-11-23 19:07:54-- https://www.verisign.net/ > Resolving www.verisign.net (www.verisign.net)... 69.58.181.89 > Connecting to www.verisign.net > (www.verisign.net)|69.58.181.89|:443... connected. > ERROR: The certificate of `www.verisign.net' is not trusted. > ERROR: The certificate of `www.verisign.net' hasn't got a known issuer. > [root@xx-linux wget-1.13.4]# Hi Wallace, No idea what SAN/UCC means. The wget messages look like it did not find the so-called CA certificates which are needed for the verification of the server certificates. It it possible that you have a CA-certificates pack on your Linux (as part of installed SSL/TLS libraries), it is often seen under a name like ca-bundle.crt or similar. I am not familiar enough with gnutls (I have my SSL-capable programs usually installed with OpenSSL) to know if this can be configured to automatically use such a file, but in any case you can give it to wget with the parameter --ca-certificate=/path/to/file. Best Regards, J.Roderburg
