wget, self-signed certs and a custom HTTPS server

Question

For various reasons I have created a simple HTTP server, and added SSL support via OpenSSL. I\'m using self-signed certificates. IE, Firefox and Chrome happily load content as

Answer 1

You can also install trusted root CA certificates into OpenSSL in one of a number of ways:

• Put your CA certificate in /etc/pki/tls/certs or equivalent directory, then create a link based on the certificate hash. See http://gagravarr.org/writing/openssl-certs/others.shtml#ca-openssl for details.
• Append your CA certificate to /etc/pki/tls/certs/ca-bundle.crt, /etc/pki/tls/cert.pem, or equivalent CA bundle.

Answer 2

I checked the man page of wget, and --no-check-certificate only seems to affect the server certificate. You need to specify your self-signed certificate as a valid CA certificate locally.

To do this, specify the certificate as --ca-certificate=... in wget and -CAfile in the s_client case.