Re: wget ssl certificate problem

Top Page
Attachments:
Message as email
+ (text/plain)
+ (text/html)
+ (text/plain)
Delete this message
Reply to this message
Author: Michael Butash via PLUG-discuss
Date:  
To: Main PLUG discussion list
CC: Michael Butash
Subject: Re: wget ssl certificate problem
Some quick searching as I don't often use wget, it looks like it doesn't
use local system certs, and has no inherent trust to certs at all. If you
search "wget ssl certificates" like I just did, you see others posting how
to skip the check and trust anyways, and various discussions wtf this is
even a thing still. Weird software caveat I'd say it doesn't just
reference system cert trusts, or just hasn't felt the need to be updated in
20 years because you know, security is meh.

-mb



On Sat, Sep 17, 2022 at 10:40 AM Jim via PLUG-discuss <
> wrote:

> It's not just ww.gutenberg.org. That's an example of what happens no
> matter what site I try to use wget on. About the truststore, how do I add
> to or update it? I decided to ask for help after trying to install
> openwebrx following the instructions here.
> https://www.openwebrx.de/download/ubuntu.php Also I found out today that
> something similar happens with youtube-dl. I tried to use it today and
> this is what happened. Youtube-dl works if I use the
> --no-check-certificate option.
>
> $ youtube-dl https://www.youtube.com/watch?v=VW3XQDDGhA4
> [youtube] VW3XQDDGhA4: Downloading webpage
> WARNING: Unable to download webpage: <urlopen error [SSL:
> CERTIFICATE_VERIFY_FAILED] certificate ver
> ify failed: unable to get local issuer certificate (_ssl.c:1131)>
> [youtube] VW3XQDDGhA4: Downloading API JSON
> ERROR: Unable to download API page: <urlopen error [SSL:
> CERTIFICATE_VERIFY_FAILED] certificate veri
> fy failed: unable to get local issuer certificate (_ssl.c:1131)> (caused
> by URLError(SSLCertVerifica
> tionError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed:
> unable to get local issuer
> certificate (_ssl.c:1131)')))
>
>
>
> On 9/16/22 17:33, James Mcphee via PLUG-discuss wrote:
>
> check out the verification of the cert chain. it works for me with a new
> build of 20.04, so it might be that you need to add or update your
> truststore.
> openssl s_client -connect www.gutenberg.org:443 < /dev/null | openssl
> x509 -text -noout
>
> up there at the top, this is what it looks like when it works
> depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST
> Network, CN = USERTrust RSA Certification Authority
> verify return:1
> depth=1 C = US, ST = VA, L = Herndon, O = Network Solutions L.L.C., CN =
> Network Solutions OV Server CA 2
> verify return:1
> depth=0 C = US, ST = Utah, L = Salt Lake City, O = Project Gutenberg
> Literary Archive Foundation, CN = *.gutenberg.org
> verify return:1
> DONE
>
> I can see that i have that usertrust network cert in /etc/ssl/certs, so
> all is good. if i had to add one i'd have then run update-ca-certicates.
>
> On Fri, Sep 16, 2022 at 2:17 PM Jim via PLUG-discuss <
> > wrote:
>
>> This has been bugging me for a while, but today it's annoying me to the
>> point I want to fix it. Wget gives me an error whenever I try to use it.
>> I have no problem getting files using a web browser. Here's an example.
>> Using firefox I was able to download the file, but this can be a pain in
>> the butt when I'm trying to add a repository. I have Ubuntu 20.04
>> installed.
>>
>>
>> $ wget https://www.gutenberg.org/ebooks/68992.epub.images
>> --2022-09-16 14:08:02--
>> https://www.gutenberg.org/ebooks/68992.epub.images
>> Resolving www.gutenberg.org (www.gutenberg.org)... 152.19.134.47,
>> 2610:28:3090:3000:0:bad:cafe:47
>> Connecting to www.gutenberg.org (www.gutenberg.org)|152.19.134.47|:443...
>> connected.
>> ERROR: cannot verify www.gutenberg.org's certificate, issued by
>> ‘CN=Network Solutions OV Server CA 2
>> ,O=Network Solutions L.L.C.,L=Herndon,ST=VA,C=US’:
>> Self-signed certificate encountered.
>> To connect to www.gutenberg.org insecurely, use `--no-check-certificate'.
>>
>> Any idea how to fix this? thanks
>>
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list:
>> To subscribe, unsubscribe, or to change your mail settings:
>> https://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
>
>
> --
> James McPhee
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list:
> To subscribe, unsubscribe, or to change your mail settings:https://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
> ---------------------------------------------------
> PLUG-discuss mailing list:
> To subscribe, unsubscribe, or to change your mail settings:
> https://lists.phxlinux.org/mailman/listinfo/plug-discuss

---------------------------------------------------
PLUG-discuss mailing list:
To subscribe, unsubscribe, or to change your mail settings:
https://lists.phxlinux.org/mailman/listinfo/plug-discuss