发表新帖
发表新帖

How do I fix certificate errors when running wget on an HTTPS URL in Cygwin?

前端 未结
关注
10 1259
遥遥无期
遥遥无期 2020-12-07 07:40

For example, running wget https://www.dropbox.com results in the following errors:

ERROR: The certificate of `www.dropbox.com\' is not trusted.
相关标签:
10条回答
  • 一个人的身影
    2020-12-07 07:51

    I had a similar problem with wget to my own live web site returning errors after installing a new SSL certificate. I'd already checked several browsers and they didn't report any errors:

    wget --no-cache -O - "https://example.com/..." ERROR: The certificate of ‘example.com’ is not trusted. ERROR: The certificate of ‘example.com’ hasn't got a known issuer.

    The problem was I had installed the wrong certificate authority .pem/.crt file from the issuer. Usually they bundle the SSL certificate and CA file as a zip file, but DigiCert email you the certificate and you have to figure out the matching CA on your own. https://www.digicert.com/help/ has an SSL certificate checker which lists the SSL authority and the hopefully matching CA with a nice blue link graphic if they agree:

    `SSL Cert: Issuer GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1

    CA: Subject GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1 Valid from 16/Jul/2020 to 31/May/2023 Issuer DigiCert Global Root CA`

    0 讨论(0)
  • 耶瑟儿~
    2020-12-07 07:52

    If the problem is that a known root CA is missing and when you are using ubuntu or debian, then you can solve the problem with this one line:

    sudo apt-get install ca-certificates
    0 讨论(0)
  • 有刺的猬
    2020-12-07 07:56

    I have the similar problem and fixed it by temporarily disabling my antivirus(Kaspersky Free 18.0.0.405). This AV has HTTPS interception module that automatically self-sign all certificates it finds in HTTPS responses.

    Wget from Cygwin does not know anything about AV root certificate, so when it finds that website's certificate was signed with non trust certificate it prints that error.

    To fix this permanently without disabling AV you should copy the AV root certificate from Windows certificate store to /etc/pki/ca-trust/source/anchors as .pem file(base64 encoding) and run update-ca-trust

    0 讨论(0)
  • 孤城傲影
    2020-12-07 07:57

    May be this will help: 

    wget --no-check-certificate https://blah-blah.tld/path/filename
    0 讨论(0)
  • 温柔的废话
    2020-12-07 08:00

    Looking at current hacky solutions in here, I feel I have to describe a proper solution after all.

    First, you need to install the cygwin package ca-certificates via Cygwin's setup.exe to get the certificates.

    Do NOT use curl or similar hacks to download certificates (as a neighboring answer advices) because that's fundamentally insecure and may compromise the system.

    Second, you need to tell wget where your certificates are, since it doesn't pick them up by default in Cygwin environment. If you can do that either with the command-line parameter --ca-directory=/usr/ssl/certs (best for shell scripts) or by adding ca_directory = /usr/ssl/certs to ~/.wgetrc file.

    You can also fix that by running ln -sT /usr/ssl /etc/ssl as pointed out in another answer, but that will work only if you have administrative access to the system. Other solutions I described do not require that.

    0 讨论(0)
  • 暖寄归人
    2020-12-07 08:02 
    apt-get install ca-certificates

    The s makes the difference ;)

    0 讨论(0)
 看不清?
提交回复
热议问题