Well, how wget is supposed to know if index.php/my/pretty is actually not a directory? This is not obvious at all from HTTP client's perspective.
Maybe you can wget --exclude-directories to work around this? Or maybe check wget -nd, which will create a flat set of files (not a directory tree). Check these out.
In order to download the certificate, you need to use the client built into openssl like so:
echo -n | openssl s_client -connect $HOST:$PORTNUMBER -servername $SERVERNAME \
| openssl x509 > /tmp/$SERVERNAME.cert
That will save the certificate to /tmp/$SERVERNAME.cert.
The -servername is used to select the correct certificate when multiple are presented, in the case of SNI.
You can use -showcerts if you want to download all the certificates in the chain. But if you just want to download the server certificate, there is no need to specify -showcerts. The x509 at the end will strip out the intermediate certs, you will need to use sed -n '/-----BEGIN/,/-----END/p' instead of the x509 at the end.
echo -n gives a response to the server, so that the connection is released
openssl x509 removes information about the certificate chain and connection details. This is the preferred format to import the certificate into other keystores.
Best Answer
Careful
Before running the script, do you trust the person who wrote it?
For example, did you expect the script to contain this?
That will try to change your hostname.
For future reference, if, after verifying the script is correct and not malicious, you can run it in one line like this:
But download it separately and read it before running it the first time.
Also note that interactive prompts inside the downloaded script may not work properly using this method.