I recently installed a self signed SSL cert on one of our nginx webservers. If I attempt to wget a file with --no-check-certificate I receive the errors below. You can reach the site with a browser, the browser will recognize that it is self signed, and the cert displays all of the correct information. It seems based on the message I should find a way to trust the cert locally, but doesn't that defeat the purpose of –no-check-certificate?
$ wget https://www.example.com/index.html --no-check-certificate
--2015-02-20 14:13:58-- https://www.example.com/index.html
Resolving example.com... 192.0.2.1
Connecting to example.com|192.0.2.1|:443... connected.
WARNING: cannot verify example.com’s certificate, issued by “/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA”:
Unable to locally verify the issuer’s authority.
WARNING: no certificate subject alternative name matches
requested host name “example.com”.
HTTP request sent, awaiting response... Read error (Connection reset by peer) in headers.
Retrying.
Any ideas would be greatly appreciated.
Best Answer
Looking at the wget's error output and command line, the problem here is not the client-side certificate verification. It seems the server machine rejects the connection. This may be due to wget not presenting a required client certificate to the server (check if your other browser have it), this particular user agent being rejected, etc.
I'd rather check server's log.