How do I fix certificate errors when running wget on an HTTPS URL in Cygwin?

certificate https wget cygwin

For example, running wget https://www.dropbox.com results in the following errors:

ERROR: The certificate of `www.dropbox.com' is not trusted.
ERROR: The certificate of `www.dropbox.com' hasn't got a known issuer.

Solution 1:

If you don't care about checking the validity of the certificate just add the --no-check-certificate option on the wget command-line. This worked well for me.

NOTE: This opens you up to man-in-the-middle (MitM) attacks, and is not recommended for anything where you care about security.

Solution 2:

Looking at current hacky solutions in here, I feel I have to describe a proper solution after all.

First, you need to install the cygwin package ca-certificates via Cygwin's setup.exe to get the certificates.

Do NOT use curl or similar hacks to download certificates (as a neighboring answer advices) because that's fundamentally insecure and may compromise the system.

Second, you need to tell wget where your certificates are, since it doesn't pick them up by default in Cygwin environment. If you can do that either with the command-line parameter --ca-directory=/usr/ssl/certs (best for shell scripts) or by adding ca_directory = /usr/ssl/certs to ~/.wgetrc file.

You can also fix that by running ln -sT /usr/ssl /etc/ssl as pointed out in another answer, but that will work only if you have administrative access to the system. Other solutions I described do not require that.

Solution 3:

If the problem is that a known root CA is missing and when you are using ubuntu or debian, then you can solve the problem with this one line:

sudo apt-get install ca-certificates

Solution 4:

May be this will help: 

wget --no-check-certificate https://blah-blah.tld/path/filename

Solution 5:

First, the SSL certificates need to be installed. Instructions (based on https://stackoverflow.com/a/4454754/278488):

pushd /usr/ssl/certs
curl http://curl.haxx.se/ca/cacert.pem | awk 'split_after==1{n++;split_after=0} /-----END CERTIFICATE-----/ {split_after=1} {print > "cert" n ".pem"}'
c_rehash

The above is enough to fix curl, but wget requires an extra symlink:

ln -sT /usr/ssl /etc/ssl

Related

How do I deal with localStorage in jest tests?
Configuring diff tool with .gitconfig
Recyclerview inside ScrollView not scrolling smoothly
Mockito + PowerMock LinkageError while mocking system class
How to automate createsuperuser on django?
The term "Add-Migration" is not recognized
how to use javascript Object.defineProperty
How do you set the document title in React?
Is there a word for Energizingness?
Idiom meaning to talk about something everyone already knows
What is the English term to say job quitting?
Can we use "whisky" to describe a squirrel going up a tree?