Wget, self signed cert and --no-check-certificate not working

linux centos ssl openssl wget
20,137

Looking at the wget's error output and command line, the problem here is not the client-side certificate verification. It seems the server machine rejects the connection. This may be due to wget not presenting a required client certificate to the server (check if your other browser have it), this particular user agent being rejected, etc.

I'd rather check server's log.

Share:
20,137

Related videos on Youtube

Minelr G
Author by

Minelr G

Updated on September 18, 2022

Comments

  • Minelr G
    Minelr G over 1 year

    I recently installed a self signed SSL cert on one of our nginx webservers. If I attempt to wget a file with --no-check-certificate I receive the errors below. You can reach the site with a browser, the browser will recognize that it is self signed, and the cert displays all of the correct information. It seems based on the message I should find a way to trust the cert locally, but doesn't that defeat the purpose of --no-check-certificate? 

    $ wget https://www.example.com/index.html --no-check-certificate
--2015-02-20 14:13:58--  https://www.example.com/index.html
Resolving example.com... 192.0.2.1
Connecting to example.com|192.0.2.1|:443... connected.
WARNING: cannot verify example.com’s certificate, issued by “/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA”:
  Unable to locally verify the issuer’s authority.
WARNING: no certificate subject alternative name matches
    requested host name “example.com”.
HTTP request sent, awaiting response... Read error (Connection reset by peer) in headers.
Retrying.

    Any ideas would be greatly appreciated.

    • ravi yarlagadda
      ravi yarlagadda about 9 years
      It's warning about the cert but that isn't preventing it from sending a request - it looks like instead of responding to the HTTP request, the server is cutting off the connection - can you do a packet capture to verify, and maybe look in the server's logs to determine what's going on there? Are you making the exact same request, for /index.html, in the browser?
    • Minelr G
      Minelr G about 9 years
      Yes, I am making the same request in the browser. I'll have to wait until Monday to get a packet capture from that server(client's not ours unfortunately). I'll post the packet capture as soon as I can. Thank you for the advice!
  • Minelr G
    Minelr G about 9 years
    You were right as the issue was on the server's side. Unfortunately the client seems to have adjusted something over the weekend because the problem has vanished....gotta love those

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Wget over SSL gives: Unable to establish SSL connection
How to upgrade OpenSSL in CentOS 6.5 / Linux / Unix from source?
/usr/local/ssl/lib/libcrypto.a: could not read symbols: Bad value
No reference to BIO-functions when linking OpenSSL
wget: where does it look for certificates?
postfix smtp connection timed out, why?
OpenSSL: socket: Connection refused connect:errno=111 Cent OS
Diagnose internet connection issues using command line
Linux openssl CN/Hostname verification against SSL certificate
Permissions for SSL key?