wget and ssl certificates
To use certificates with wget, first get the root cerificate for the site.
1. Just have one certificate
You can either go to the site with Firefox, click on the little lock in
the status bar, in the Security tab click View certificate, click on Details,
click on the topmost certificate in the “Certificate Hierarchy”, click on
“Export…” and save as “.pem”.
Now you can use ssl with wget like this:
wget --ca-certificate={the_cert_file} https://www.google.com
2. A directory full of certificates
Or you can have an entire directory full of certificates that wget
can choose from. Useful if you want to use all the certificates
from the KeyChain.app.
If you export all the certificates from KeyChain.app in one go
(you can select multiple and export all at once), then you must
split up the file into individual files for each certificate, and
name the certificates by their hash and a “.0” at the end.
If the certificates from KeyChain.app are saved into the file
Certificates.pem, then this splits these commands splits the
files and renames them.
mkdir certdir
cd certdir
n=0 ; cat ../Certificates.pem | while read x; do if [ "$x" == "-----BEGIN CERTIFICATE-----" ]; then n=$((n+1)); fi; echo >>cert-$n.pem $x ; done
for f in cert-*; do n=$(openssl x509 -hash -in $f -noout); mv $f $n.0; done
cd ..
Now you can use ssl with wget like this:
wget --ca-directory=certdir https://www.google.com
If you want to, you can put the certdir in your ~/.wgetrc file so you
won't have to specify it all the time. Just put the line
ca_directory = {full path to certdir}
and you're done.
Actually, you also need some way to handle revocation of certificates.
But that's for another day.
