19

I am using wget in my program to get some file using HTTP protocol. Here i need to set security so we moved HTTP protocol to HTTPS.

After changing to HTTPS how to perform wget. I mean how to make trusted connection between two machines then perform wget.

I want to make sure that wget can be performed from certain system only.

Siva Gnanam
  • 888
  • 2
  • 10
  • 26

2 Answers2

20

Step 1: SSL Certificates

First things first, if this machine is on the internet and the SSL certificate is signed by a trusted source, there is no need to specify a certificate.

However, if there is a self signed certificate involved things get a little more interesting.

For example:

  • if this machine uses a self signed certificate, or
  • if you are on a network with a proxy that re-encrypts all https connections

Then you need to trust the public key of the self signed certificate. You will need to export the public key as a .CER file. How you got the SSL certificate will determine how you get the public key as a .CER

Once you have the .CER then...

Step 2: Trust the Certificate

I suggest two options:

option one

wget --ca-certificate={the_cert_file_path} https://www.google.com

option two

set the option on ~/.wgetrc

ca_certificate={the_cert_file_path}

Additional resources

Community
  • 1
  • 1
Aaron C
  • 869
  • 10
  • 25
4

macOS users can use the cert.pem file:

wget --ca-certificate=/etc/ssl/cert.pem

or set in your ~/.wgetrc:

ca_certificate = /etc/ssl/cert.pem
Demitri
  • 11,446
  • 4
  • 34
  • 38
  • According to [this page](https://www.gnu.org/software/wget/manual/html_node/Wgetrc-Commands.html#Wgetrc-Commands), if using a `~/.wgetrc` file, the setting is named `ca_certificate` (with an underscore), __not__ `ca-certificate` (with a hyphen) – tony_tiger Mar 31 '20 at 03:26
  • 1
    @tony_tiger Oddly I think `ca-certificate` worked for me, but I'll edit the post since that's what's in the documentation! – Demitri Mar 31 '20 at 04:09