Tuesday, 1 February 2011

wget and ssl certificates

To use certificates with wget, first get the root certificate for the site.

1. Just have one certificate

You can either go to the site with Firefox, click on the little lock in
the status bar, in the Security tab click View certificate, click on Details,
click on the topmost certificate in the “Certificate Hierarchy”, click on
“Export…” and save as “.pem”.

Now you can use ssl with wget like this:

wget --ca-certificate={the_cert_file}  https://www.google.com

2. A directory full of certificates

Or you can have an entire directory full of certificates that wget
can choose from. Useful if you want to use all the certificates
from the KeyChain.app.

If you export all the certificates from KeyChain.app in one go
(you can select multiple and export all at once), then you must
split up the file into individual files for each certificate, and
name the certificates by their hash and a “.0” at the end.

If the certificates from KeyChain.app are saved into the file
Certificates.pem, then these commands split the file into one
file per certificate and rename each file to its hash.

mkdir certdir
cd certdir

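# Start a new cert-N.pem at every BEGIN line; lines before the first certificate are skipped.
n=0 ; while IFS= read -r x || [ -n "$x" ]; do if [ "$x" = "-----BEGIN CERTIFICATE-----" ]; then n=$((n+1)); fi; if [ "$n" -gt 0 ]; then printf '%s\n' "$x" >>"cert-$n.pem"; fi; done < ../Certificates.pem

# Rename each file to {hash}.0; a file openssl cannot parse is left under its cert-N.pem name.
for f in cert-*.pem; do h=$(openssl x509 -hash -noout -in "$f") && mv "$f" "$h.0"; done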

cd ..

Now you can use ssl with wget like this:

wget --ca-directory=certdir  https://www.google.com

If you want to, you can put the certdir in your ~/.wgetrc file so you
won't have to specify it all the time.  Just put the line

ca_directory = {full path to certdir}

and you're done.
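
The split-and-rename steps from section 2 as one shell function, added here as an example and not part of the original post. The name build_ca_dir is made up for this example; beyond the commands above it drops text outside the BEGIN/END markers, skips duplicate certificates, and numbers different certificates that share a hash .0, .1, ... (the suffix scheme OpenSSL uses for hashed directories).

```sh
# Added example (not from the original post).
# build_ca_dir BUNDLE DIR: split a PEM bundle into DIR as {hash}.{n} files
# and print how many certificates were installed.
build_ca_dir() (
    bundle=$1; dir=$2
    mkdir -p "$dir" || exit 1
    tmp=$(mktemp -d) || exit 1
    # Keep only the lines between BEGIN and END markers, one file per
    # certificate; attribute or comment lines from the exporter are dropped.
    awk -v out="$tmp" '
        /^-----BEGIN CERTIFICATE-----/ { n++; keep = 1 }
        keep { print > (out "/cert-" n ".pem") }
        /^-----END CERTIFICATE-----/   { keep = 0; close(out "/cert-" n ".pem") }
    ' "$bundle"
    count=0
    for f in "$tmp"/cert-*.pem; do
        [ -e "$f" ] || continue
        # Skip anything openssl cannot parse as an X.509 certificate.
        h=$(openssl x509 -hash -noout -in "$f" 2>/dev/null) || continue
        fp=$(openssl x509 -fingerprint -sha256 -noout -in "$f")
        i=0; dup=0
        # Different certificates can share a subject hash: take the first
        # free suffix, unless the same certificate is already installed.
        while [ -e "$dir/$h.$i" ]; do
            if [ "$(openssl x509 -fingerprint -sha256 -noout -in "$dir/$h.$i")" = "$fp" ]; then
                dup=1; break
            fi
            i=$((i+1))
        done
        [ "$dup" -eq 1 ] && continue
        cp "$f" "$dir/$h.$i"
        count=$((count+1))
    done
    rm -rf "$tmp"
    echo "$count"
)
```

Call it as build_ca_dir Certificates.pem certdir and then point wget at certdir as shown above.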

Actually, you also need some way to handle revocation of certificates.
But that's for another day.

3 comments:

  1. I was wondering how to do this myself! I've been struggling with my wildcard ssl cert for a while now, thanks =)

  2. Thank you for explaining all the steps. I was trying to do this but failed because of improper knowledge. This post helped me to learn the complete process.

  3. Thanks for this, I have bookmarked the guide just in case I ever have to do this again next time my server crashes.