This one time, at band camp, Voytek Eymont wrote:
>
>On Tue, November 20, 2007 2:29 pm, Erik de Castro Lopo wrote:
>> Voytek Eymont wrote:
>
>>> this works wget --no-check-certificate
>>
>> See the wget manpage. Directly below the information about the
>> "--no-check-certificate" option is the option you want.
>
>Erik, thanks
>
> --certificate=FILE       client certificate file.
>
>do I need to generate one, or where do I find it ?

Hang on, a client certificate might mean the certificate that wget uses to
verify its identity to the server.  You might not want to have a two-way SSL
verification.

You want to find the option that lets you specify a certificate or a CA
certificate to validate the server against.

When you open the SSL connection, you've got two ends.

[browser] ----- [server]

In the normal operation of SSL on the web, the browser wants to validate the
server's certificate against a local copy:

   [Cert]
     |
[browser] <-----[cert] [server]

Sometimes, you can specify a certificate to send to the server, from your
browser, to let the server verify you.  Like maybe HTTP basic auth, but
obviously done at the socket layer and not through the application.

[browser] [cert] -----> [server]
                         |
                        [cert]

This is probably what you don't want to do, and probably what a commandline
option described as "the client certificate" does.

Let's read the manpage:

       --certificate=file
           Use the client certificate stored in file.  This is needed for
           servers that are configured to require certificates from the
           clients that connect to them.  Normally a certificate is not
           required and this switch is optional.

Zing!  Science wins again!

How about:

       --ca-certificate=file
       --ca-directory=directory

Look for the location of your certs.pem (probably /etc/ssl/certs) and
specify either the pem, or the directory.  This will instruct wget to look
in these places for the certificate to validate the server against.

However, in the ca-directory option:

           Without this option Wget looks for CA certificates at the system-
           specified locations, chosen at OpenSSL installation time.

Does wget not work if you have no options?
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
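
The advice in the message above as a shell helper (an added example, not part of the original post or of wget): it picks --ca-certificate or --ca-directory for whichever CA store exists and refuses to fall back to --no-check-certificate. The candidate paths and the function names ca_option and fetch are assumptions; the *.0 check assumes a directory prepared with OpenSSL's c_rehash.

```shell
#!/bin/sh
# Added example: point wget at a CA store so the server certificate is
# validated, instead of switching validation off.
# The default candidate paths are assumptions about common layouts.

# ca_option [PATH...]: print the wget option for the first usable CA store.
#   readable file containing a PEM certificate -> --ca-certificate=FILE
#   directory holding hashed *.0 entries       -> --ca-directory=DIR
# Returns 1 (and prints nothing) when no candidate qualifies.
ca_option() {
    [ "$#" -gt 0 ] || set -- \
        /etc/ssl/certs/ca-certificates.crt \
        /etc/pki/tls/certs/ca-bundle.crt \
        /etc/ssl/cert.pem \
        /etc/ssl/certs
    for p in "$@"; do
        if [ -f "$p" ] && [ -r "$p" ] &&
           grep -q -- '-----BEGIN CERTIFICATE-----' "$p"; then
            printf '%s\n' "--ca-certificate=$p"
            return 0
        elif [ -d "$p" ] && ls "$p"/*.0 >/dev/null 2>&1; then
            printf '%s\n' "--ca-directory=$p"
            return 0
        fi
    done
    return 1
}

# fetch URL: download with server verification left on.
# No --certificate here: that option sends a client certificate and is only
# needed for servers configured to require one.
fetch() {
    opt=$(ca_option) || {
        echo "no CA store found; refusing to disable verification" >&2
        return 2
    }
    wget "$opt" "$1"
}
```

Run ca_option on its own first: if it prints nothing, plain wget with no options is relying on whatever location OpenSSL was built with.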
