23

I am using wget in my program to get some files using the HTTP protocol. I need to add security, so we moved from HTTP to HTTPS.

After changing to HTTPS, how do I perform wget? I mean, how do I make a trusted connection between the two machines and then perform wget?

I want to make sure that wget can be performed from a certain system only.

Ouroborus
Siva Gnanam

3 Answers

21

Step 1: SSL Certificates

First things first, if this machine is on the internet and the SSL certificate is signed by a trusted source, there is no need to specify a certificate.

However, if there is a self-signed certificate involved, things get a little more interesting.

For example:

  • if this machine uses a self-signed certificate, or
  • if you are on a network with a proxy that re-encrypts all HTTPS connections

Then you need to trust the public key of the self-signed certificate. You will need to export the public key as a .CER file. How you got the SSL certificate will determine how you get the public key as a .CER.

Once you have the .CER then...

Step 2: Trust the Certificate

I suggest two options:

option one

```
wget --ca-certificate={the_cert_file_path} https://www.google.com
```

option two

set the option in ~/.wgetrc

```
ca_certificate={the_cert_file_path}
```

Additional resources

Community
Aaron C
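
Added example (not part of the answer above): a `.CER` export can be either DER (binary) or PEM (Base64) encoded, while the wget manual states that certificates passed to `--ca-certificate` must be in PEM format. The helpers below normalize the file, print its SHA-256 fingerprint so it can be compared with the value obtained from the server's administrator, and then run wget; the function names, file path and URL are assumptions, and `openssl` must be installed.

```sh
#!/bin/sh
# Added example: helper names are hypothetical; requires openssl and wget.

# cert_encoding FILE -> prints "PEM" or "DER".
# PEM files carry an ASCII armor line; anything else is treated as DER.
cert_encoding() {
    if grep -q -e '-----BEGIN CERTIFICATE-----' "$1"; then
        echo PEM
    else
        echo DER
    fi
}

# cert_to_pem IN OUT -> writes a PEM copy of IN to OUT.
# openssl parses the input either way, so a corrupt file fails here
# instead of breaking certificate verification later.
cert_to_pem() {
    openssl x509 -inform "$(cert_encoding "$1")" -in "$1" -out "$2"
}

# cert_fingerprint FILE -> SHA-256 fingerprint of a PEM certificate.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | sed 's/^.*=//'
}

# fetch_with_ca CERFILE URL -> download URL with CERFILE passed as the CA file.
fetch_with_ca() {
    pem=$(mktemp) || return 1
    if cert_to_pem "$1" "$pem"; then
        echo "using certificate $(cert_fingerprint "$pem")" >&2
        wget --ca-certificate="$pem" "$2"
        rc=$?
    else
        echo "cannot parse certificate: $1" >&2
        rc=1
    fi
    rm -f "$pem"
    return "$rc"
}

# Usage (constructed path and URL):
#   fetch_with_ca ./server.cer https://files.internal.example/data.tar.gz
```
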
5

macOS users can use the cert.pem file:

```
wget --ca-certificate=/etc/ssl/cert.pem
```

or set in your ~/.wgetrc:

```
ca_certificate = /etc/ssl/cert.pem
```
Demitri
  • According to [this page](https://www.gnu.org/software/wget/manual/html_node/Wgetrc-Commands.html#Wgetrc-Commands), if using a `~/.wgetrc` file, the setting is named `ca_certificate` (with an underscore), **not** `ca-certificate` (with a hyphen) – tony_tiger Mar 31 '20 at 03:26
  • @tony_tiger Oddly I think `ca-certificate` worked for me, but I'll edit the post since that's what's in the documentation! – Demitri Mar 31 '20 at 04:09
0

On Linux (at least on my Debian and Ubuntu distributions), you can do the following to install your cert to be trusted system-wide.

Assuming your certificate is ~/tmp/foo.pem, do the following:

Install the ca-certificates package, if it is not already present, then do the following to install foo.pem:

```
$ cd ~/tmp
$ chmod 444 foo.pem
$ sudo cp foo.pem /usr/local/share/ca-certificates/foo.crt
$ sudo update-ca-certificates
```

Once this is done, most apps (including wget, Python and others) should automatically use it when it is required by the remote site.

The only exception to this I've found has been the Firefox web browser. It has its own private store of certificates, so you need to manually install the cert via its Settings interface if you require it there.

At least this has always worked for me (to install a corporate certificate needed for Internet access into the Linux VMs I create).

David C.