Wget or curl a self-signed certificate from server


I'm not sure about wget or curl, but the following works if you are only concerned about the public key.

openssl s_client -connect hostname.domain.tld:port 2>&1 </dev/null | sed -ne '/BEGIN CERT/,/END CERT/p'

Generally, when they are talking about downloading the certificate, it would be the root certificate. You can find the one for Verisign with the following command, then wget or curl the root cert onto your system to authenticate with Verisign certificates. In this case, it's specifically the "VeriSign Class 3 Extended Validation SSL SGC CA" Root.

$ openssl s_client -connect verisign.com:443 2>&1 </dev/null | openssl x509 -noout -text | grep "CA Issuers"
            CA Issuers - URI:http://EVIntl-aia.verisign.com/EVIntl2006.cer

The above command should work for nearly any server displaying a chained certificate.

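As an added example (not part of the original answer), the script below turns the first command into the kind of shell script the question asks for: it saves the certificate the server presents and keeps it only if its SHA-256 fingerprint matches a value obtained out of band, because a certificate fetched over the same unverified connection cannot vouch for itself. The function names and the four-argument usage are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original answer. Function names are hypothetical.

# Print only the first PEM certificate (the server's own) from s_client output
# on stdin; exit non-zero if no complete certificate was seen.
first_pem_cert() {
    awk '/-----BEGIN CERTIFICATE-----/ { on = 1 }
         on { print }
         on && /-----END CERTIFICATE-----/ { found = 1; exit }
         END { exit !found }'
}

# Reduce "sha256 Fingerprint=AB:CD:..." or "ab:cd:..." to bare upper-case hex.
normalize_fp() {
    printf '%s\n' "$1" | sed 's/^.*=//' | tr -d ': ' | tr 'a-f' 'A-F'
}

# fetch_server_cert HOST PORT OUTFILE: save the certificate the server presents.
fetch_server_cert() {
    tmp=$(mktemp) || return 1
    # -servername sends SNI so a name-based virtual host returns its own cert.
    if openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        first_pem_cert >"$tmp"; then
        mv "$tmp" "$3"
    else
        rm -f "$tmp"
        echo "no certificate received from $1:$2" >&2
        return 1
    fi
}

# fingerprint_matches CERTFILE EXPECTED: compare the SHA-256 fingerprint with a
# value obtained out of band (e.g. read from the browser's certificate viewer).
fingerprint_matches() {
    got=$(openssl x509 -in "$1" -noout -fingerprint -sha256) || return 1
    [ "$(normalize_fp "$got")" = "$(normalize_fp "$2")" ]
}

# Usage: script HOST PORT OUTFILE EXPECTED_SHA256_FINGERPRINT
if [ "$#" -eq 4 ]; then
    fetch_server_cert "$1" "$2" "$3" || exit 1
    if ! fingerprint_matches "$3" "$4"; then
        rm -f "$3"
        echo "fingerprint mismatch; certificate not kept" >&2
        exit 1
    fi
    # The saved file can then be passed to: curl --cacert "$3" "https://$1:$2/"
    echo "saved $3"
fi
```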


Author: Paul FREAKN Baker

Updated on September 18, 2022

Comments

  • Paul FREAKN Baker, over 1 year

    From my browser, I can browse to a machine in my company's local intranet and (after marking the certificate as trusted) export that certificate to a file. I'm trying to automate this process into a shell script so I can make my life a little easier when using various command-line tools without throwing security out the window.

    Trying to google this topic has been difficult and has mainly yielded results about how to trust a certificate you have already downloaded while using wget or curl, but that's not what I need in this case. How can I download the server's public self-signed certificate to a local file via wget or curl?

    • derobert, almost 10 years
      BTW: Your company ought to generate its own CA, then use that to sign all its internal certificates. You then install only that CA's public key on your machine, not a self-signed cert for each server.
    • Paul FREAKN Baker, almost 10 years
      Thanks for the tip. I'll try to pass it along, but those in charge may not care enough to actually do anything about it.
  • Paul FREAKN Baker, almost 10 years
    That works perfectly. There is a small typo: sed is missing a - before the ne options, but that works and is exactly what I need. Thank you.
  • Falsenames, almost 10 years
    Fixed the typo. It was correct in the latter one. Sorry about that, but glad it worked out in the end.