I recently added a commercial SSL cert to my website and also had to use a .htaccess file to redirect all connections to https. Since doing this, WGET no longer works. I tried changing the Windows scheduled task from:
I forgot to mention I'm using a Windows Server 2003 box.
I found the following while googling:
...
SSL certificates
Current versions of OpenSSL do not come with root certificates. This means when trying to download over SSL, wget will give you errors such as
Unable to locally verify the issuer's authority.
ERROR: certificate common name dnsname' doesn't match requested host namednsname'.
Either you can use the suggested --no-check-certificate to skip authentication - only use this if you only need encryption functionality, and not authentication. The alternative is to get a set of root certificates and pass it to wget with --ca-certificate file.crt. The problem is then to get a correct root certificate bundle first. The following link has a perl script which will download root certificates from Mozilla and convert them to a wget usable certificate bundle (you'll need Perl, typically
Do not trust other people to give you a set of root certificates. This means you should not trust this site (but it no longer offers certificates anyway). Audit any sources you download root certificates from, audit the tools you use to process certificates (including the mk-ca-bundle.pl script linked above).
The official source for root certificates is your Windows install media and Windows Update (remember to update the root certificates regularly), though this set is not used by wget and many other Windows tools.
Furthermore, the Windows makefiles for wget refer to the certificate bundles available at http://curl.haxx.se/docs/caextract.html (which are extracted from Mozilla as well).
...
I do not know how to use the script that downloads and converts the certs. I tried changing the shebang line to that of my Perl location and I tried running it from the command line and from the Internet. Nothing happens from the command line but I get a 500 internal server error from the Internet.
Anyone know how to get the the bundle cert?
Last edit: jeffshead 2012-07-31
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Can https be used with WGET for Windows?
I recently added a commercial SSL cert to my website and also had to use a .htaccess file to redirect all connections to https. Since doing this, WGET no longer works. I tried changing the Windows scheduled task from:
To:
The scheduled task still fails. I do not know how to troubleshoot. I searched the forums but did not find anything.
Thank you for taking the time :)
Jeff
Last edit: jeffshead 2012-07-31
I forgot to mention I'm using a Windows Server 2003 box.
I found the following while googling:
...
SSL certificates
Current versions of OpenSSL do not come with root certificates. This means when trying to download over SSL, wget will give you errors such as
Unable to locally verify the issuer's authority.
ERROR: certificate common name
dnsname' doesn't match requested host namednsname'.Either you can use the suggested --no-check-certificate to skip authentication - only use this if you only need encryption functionality, and not authentication. The alternative is to get a set of root certificates and pass it to wget with --ca-certificate file.crt. The problem is then to get a correct root certificate bundle first. The following link has a perl script which will download root certificates from Mozilla and convert them to a wget usable certificate bundle (you'll need Perl, typically
ActivePerl).
http://www.floodgap.com/software/ttytter/mk-ca-bundle.txt
Do not trust other people to give you a set of root certificates. This means you should not trust this site (but it no longer offers certificates anyway). Audit any sources you download root certificates from, audit the tools you use to process certificates (including the mk-ca-bundle.pl script linked above).
The official source for root certificates is your Windows install media and Windows Update (remember to update the root certificates regularly), though this set is not used by wget and many other Windows tools.
Furthermore, the Windows makefiles for wget refer to the certificate bundles available at http://curl.haxx.se/docs/caextract.html (which are extracted from Mozilla as well).
...
I do not know how to use the script that downloads and converts the certs. I tried changing the shebang line to that of my Perl location and I tried running it from the command line and from the Internet. Nothing happens from the command line but I get a 500 internal server error from the Internet.
Anyone know how to get the the bundle cert?
Last edit: jeffshead 2012-07-31