|
From: | Jochen Roderburg |
Subject: | Re: [Bug-wget] wget feature request: support for SAN/UCC SSL Certs RFC 3280 part 4.2.1.7 |
Date: | Thu, 24 Nov 2011 22:23:15 +0100 |
User-agent: | Dynamic Internet Messaging Program (DIMP) H3 (1.1.4) |
Zitat von Wallance Hou <address@hidden>:
Currently Does wget new version support or verify SAN/UCC SSL certificate? If yes, but I tried to install wget 1.13.x, but there still was issue as below. (gnutls-2.12.14 without p11-kit-1), Please advie.address@hidden wget-1.13.4]# wget -v -O xx https://www.verisign.net --2011-11-23 19:07:54-- https://www.verisign.net/ Resolving www.verisign.net (www.verisign.net)... 69.58.181.89Connecting to www.verisign.net (www.verisign.net)|69.58.181.89|:443... connected.ERROR: The certificate of `www.verisign.net' is not trusted. ERROR: The certificate of `www.verisign.net' hasn't got a known issuer. address@hidden wget-1.13.4]#
Hi Wallace, No idea what SAN/UCC means.The wget messages look like it did not find the so-called CA certificates which are needed for the verification of the server certificates. It it possible that you have a CA-certificates pack on your Linux (as part of installed SSL/TLS libraries), it is often seen under a name like ca-bundle.crt or similar. I am not familiar enough with gnutls (I have my SSL-capable programs usually installed with OpenSSL) to know if this can be configured to automatically use such a file, but in any case you can give it to wget with the parameter --ca-certificate=/path/to/file.
Best Regards, J.Roderburg
[Prev in Thread] | Current Thread | [Next in Thread] |