Why does the browser say "Identity verified" while wget doesn't work?

B

Boris Benkovsky2015-01-03 00:05:26

Digital certificates

Boris Benkovsky, 2015-01-03 00:05:26

Go to https://www.dotdeb.org/gyazo.com/d606e384f0a72f07fb26979fc0ac45cc
Now
try downloading it without ignoring certificate verification

wget https://www.dotdeb.org/
--2015-01-03 00:00:25--  https://www.dotdeb.org/
Resolving www.dotdeb.org... 195.154.242.153
Connecting to www.dotdeb.org|195.154.242.153|:443... connected.
ERROR: cannot verify www.dotdeb.org's certificate, issued by '/C=FR/O=GANDI SAS/CN=Gandi Standard SSL CA':
  Unable to locally verify the issuer's authority.
To connect to www.dotdeb.org insecurely, use `--no-check-certificate'.

UPD: I have MacOS.
I downloaded the site certificate, marked it as "trust always". Now even in the window for viewing the site certificate there is a corresponding mark. But wget still doesn't work. Maybe he has a different keystore? O_O

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

I

Ilya Evseev, 2015-01-03
@IlyaEvseev

1) The browser uses its own and system-wide storage, while wget only uses system-wide (via the OpenSSL library).
2) Browser storage is updated with the browser, i.e. often, and you can add entries to it manually.
3) System-wide in Linux is usually deployed from the ca-certificates package.
4) Solution for MacOSX: superuser.com/a/451857

sudo port install curl-ca-bundle
echo CA_CERTIFICATE=/opt/local/share/curl/curl-ca-bundle.crt >> ~/.wgetrc

5) If the curl-ca-bundle does not contain the required certificate, you can try downloading the latest manually from CACert.org -- see www.macfreek.nl/memory/Install_CA_Certificates