I have a problem with my Fedora 8 installation. It looks that wget
doesn't know how to verify SSL certificates any more. It's strange because I have another Fedora 8 box which I believe has the same configuration and it works!
How can I make it work without using --no-check-certificate
switch?
This is a sample output:
wget https://www.google.com
--2011-09-23 00:11:13-- https://www.google.com/
Resolving www.google.com... 74.125.230.146, 74.125.230.147, 74.125.230.148, ...
Connecting to www.google.com|74.125.230.146|:443... connected.
ERROR: cannot verify www.google.com's certificate, issued by `/C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SGC CA':
Unable to locally verify the issuer's authority.
To connect to www.google.com insecurely, use `--no-check-certificate'.
Unable to establish SSL connection.
EDIT
I have this file /etc/pki/tls/certs/ca-bundle.crt
file and when I run wget
with --ca-certificate
switch pointing to this file everything goes fine. Where should this file be placed so that I don't need to use the switch?
BTW: curl
and links
work fine, but lynx
also complains: "SSL error:unable to get local issuer certificate" so this is not only wget
's issue…
Best Answer
By default wget will check for certificates in the path defined in openssl conf file /etc/pki/tls/openssl.cnf (no sure whether the path is correct for fc8). Please check the openssl configuration file and confirm that the paths are correct. May be it is openssl, that need to be corrected.