Use of https in terminal fails [closed]

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
0
down vote

favorite












Use of http in terminal seems to work fine.



But when I tried the same using https, it fails.



When I try to get the same location with wget. http works but https results in error - ERROR: Can not verify certificate attribute and fails.



There seems to be no problem with proxy, everything is configured properly.



Its not only wget even yum command and all other commands fails with https.
Can someone explain the cause of this?










share|improve this question













closed as unclear what you're asking by Rui F Ribeiro, G-Man, JigglyNaga, RalfFriedl, Jeff Schaller Nov 26 at 20:36


Please clarify your specific problem or add additional details to highlight exactly what you need. As it's currently written, it’s hard to tell exactly what you're asking. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question.














  • Can you share the failing command you are executing? The error seems to point to a CA missing in your systems trusted certificate store.
    – Peschke
    Nov 26 at 8:25











  • Are you very sure the error does not say "certificate authority"? This is usually 80% server error – the server is supposed to send not only its own certificate, but also intermediate certificates (think re-sellers) up to a small-ish list of trustworthy root authorities, a list of which is managed by your distribution. In the other 20%, the client does not know the root authority the server is using.
    – Ulrich Schwarz
    Nov 26 at 8:42










  • A quick workaround could probably be --no-check-certificate
    – Panki
    Nov 26 at 10:03










  • @Peschke I have placed the certificate in the certificate store. In centos its /etc/pki/ca-trust/source/anchors/ . But still results in error.
    – Arun Prakash
    Nov 26 at 10:28










  • @UlrichSchwarz . It seems to work properly for other machines. So there is no problem with server i guess. Can you explain me about the client side error?
    – Arun Prakash
    Nov 26 at 10:28















up vote
0
down vote

favorite












Use of http in terminal seems to work fine.



But when I tried the same using https, it fails.



When I try to get the same location with wget. http works but https results in error - ERROR: Can not verify certificate attribute and fails.



There seems to be no problem with proxy, everything is configured properly.



Its not only wget even yum command and all other commands fails with https.
Can someone explain the cause of this?










share|improve this question













closed as unclear what you're asking by Rui F Ribeiro, G-Man, JigglyNaga, RalfFriedl, Jeff Schaller Nov 26 at 20:36


Please clarify your specific problem or add additional details to highlight exactly what you need. As it's currently written, it’s hard to tell exactly what you're asking. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question.














  • Can you share the failing command you are executing? The error seems to point to a CA missing in your systems trusted certificate store.
    – Peschke
    Nov 26 at 8:25











  • Are you very sure the error does not say "certificate authority"? This is usually 80% server error – the server is supposed to send not only its own certificate, but also intermediate certificates (think re-sellers) up to a small-ish list of trustworthy root authorities, a list of which is managed by your distribution. In the other 20%, the client does not know the root authority the server is using.
    – Ulrich Schwarz
    Nov 26 at 8:42










  • A quick workaround could probably be --no-check-certificate
    – Panki
    Nov 26 at 10:03










  • @Peschke I have placed the certificate in the certificate store. In centos its /etc/pki/ca-trust/source/anchors/ . But still results in error.
    – Arun Prakash
    Nov 26 at 10:28










  • @UlrichSchwarz . It seems to work properly for other machines. So there is no problem with server i guess. Can you explain me about the client side error?
    – Arun Prakash
    Nov 26 at 10:28













up vote
0
down vote

favorite









up vote
0
down vote

favorite











Use of http in terminal seems to work fine.



But when I tried the same using https, it fails.



When I try to get the same location with wget. http works but https results in error - ERROR: Can not verify certificate attribute and fails.



There seems to be no problem with proxy, everything is configured properly.



Its not only wget even yum command and all other commands fails with https.
Can someone explain the cause of this?










share|improve this question













Use of http in terminal seems to work fine.



But when I tried the same using https, it fails.



When I try to get the same location with wget. http works but https results in error - ERROR: Can not verify certificate attribute and fails.



There seems to be no problem with proxy, everything is configured properly.



Its not only wget even yum command and all other commands fails with https.
Can someone explain the cause of this?







networking terminal http https






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Nov 26 at 8:07









Arun Prakash

115




115




closed as unclear what you're asking by Rui F Ribeiro, G-Man, JigglyNaga, RalfFriedl, Jeff Schaller Nov 26 at 20:36


Please clarify your specific problem or add additional details to highlight exactly what you need. As it's currently written, it’s hard to tell exactly what you're asking. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question.






closed as unclear what you're asking by Rui F Ribeiro, G-Man, JigglyNaga, RalfFriedl, Jeff Schaller Nov 26 at 20:36


Please clarify your specific problem or add additional details to highlight exactly what you need. As it's currently written, it’s hard to tell exactly what you're asking. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question.













  • Can you share the failing command you are executing? The error seems to point to a CA missing in your systems trusted certificate store.
    – Peschke
    Nov 26 at 8:25











  • Are you very sure the error does not say "certificate authority"? This is usually 80% server error – the server is supposed to send not only its own certificate, but also intermediate certificates (think re-sellers) up to a small-ish list of trustworthy root authorities, a list of which is managed by your distribution. In the other 20%, the client does not know the root authority the server is using.
    – Ulrich Schwarz
    Nov 26 at 8:42










  • A quick workaround could probably be --no-check-certificate
    – Panki
    Nov 26 at 10:03










  • @Peschke I have placed the certificate in the certificate store. In centos its /etc/pki/ca-trust/source/anchors/ . But still results in error.
    – Arun Prakash
    Nov 26 at 10:28










  • @UlrichSchwarz . It seems to work properly for other machines. So there is no problem with server i guess. Can you explain me about the client side error?
    – Arun Prakash
    Nov 26 at 10:28

















  • Can you share the failing command you are executing? The error seems to point to a CA missing in your systems trusted certificate store.
    – Peschke
    Nov 26 at 8:25











  • Are you very sure the error does not say "certificate authority"? This is usually 80% server error – the server is supposed to send not only its own certificate, but also intermediate certificates (think re-sellers) up to a small-ish list of trustworthy root authorities, a list of which is managed by your distribution. In the other 20%, the client does not know the root authority the server is using.
    – Ulrich Schwarz
    Nov 26 at 8:42










  • A quick workaround could probably be --no-check-certificate
    – Panki
    Nov 26 at 10:03










  • @Peschke I have placed the certificate in the certificate store. In centos its /etc/pki/ca-trust/source/anchors/ . But still results in error.
    – Arun Prakash
    Nov 26 at 10:28










  • @UlrichSchwarz . It seems to work properly for other machines. So there is no problem with server i guess. Can you explain me about the client side error?
    – Arun Prakash
    Nov 26 at 10:28
















Can you share the failing command you are executing? The error seems to point to a CA missing in your systems trusted certificate store.
– Peschke
Nov 26 at 8:25





Can you share the failing command you are executing? The error seems to point to a CA missing in your systems trusted certificate store.
– Peschke
Nov 26 at 8:25













Are you very sure the error does not say "certificate authority"? This is usually 80% server error – the server is supposed to send not only its own certificate, but also intermediate certificates (think re-sellers) up to a small-ish list of trustworthy root authorities, a list of which is managed by your distribution. In the other 20%, the client does not know the root authority the server is using.
– Ulrich Schwarz
Nov 26 at 8:42




Are you very sure the error does not say "certificate authority"? This is usually 80% server error – the server is supposed to send not only its own certificate, but also intermediate certificates (think re-sellers) up to a small-ish list of trustworthy root authorities, a list of which is managed by your distribution. In the other 20%, the client does not know the root authority the server is using.
– Ulrich Schwarz
Nov 26 at 8:42












A quick workaround could probably be --no-check-certificate
– Panki
Nov 26 at 10:03




A quick workaround could probably be --no-check-certificate
– Panki
Nov 26 at 10:03












@Peschke I have placed the certificate in the certificate store. In centos its /etc/pki/ca-trust/source/anchors/ . But still results in error.
– Arun Prakash
Nov 26 at 10:28




@Peschke I have placed the certificate in the certificate store. In centos its /etc/pki/ca-trust/source/anchors/ . But still results in error.
– Arun Prakash
Nov 26 at 10:28












@UlrichSchwarz . It seems to work properly for other machines. So there is no problem with server i guess. Can you explain me about the client side error?
– Arun Prakash
Nov 26 at 10:28





@UlrichSchwarz . It seems to work properly for other machines. So there is no problem with server i guess. Can you explain me about the client side error?
– Arun Prakash
Nov 26 at 10:28











1 Answer
1






active

oldest

votes

















up vote
0
down vote













Yes, you could take @panki(from comment) advice and use the --no-check-certificate option for wget, but that would be bad. Don’t get accustomed to avoiding errors by suppressing them.



You need to use openssl s_client to discover the certificate’s chain (of example.com website) :



openssl s_client -connect example.com:443 -debug


Once you’ve figured out what the certificate chain looks like, then check your main certificate file, probably named cert.pem. Check to see if the certificates required by the site you’re trying to wget is in your certificate file. If not, you’ll need to acquire them and either append them to your main certificate file, or create a separate file and point to it with your wget command using the --ca-certificate option.






share|improve this answer




















  • I did put the certificate in /etc/pki/ca-trust/source/anchors/ . And ran the command update-ca-trust extract to update the same. But still its not working.
    – Arun Prakash
    Nov 26 at 10:35










  • Is --no-check-certificate option working?
    – finn
    Nov 26 at 10:38











  • its working. no problem with that. I want to know why this https fails
    – Arun Prakash
    Nov 26 at 10:39










  • which distro you're using? probably fedora
    – finn
    Nov 26 at 10:41











  • This failure occurs in centos
    – Arun Prakash
    Nov 26 at 10:43

















1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes








up vote
0
down vote













Yes, you could take @panki(from comment) advice and use the --no-check-certificate option for wget, but that would be bad. Don’t get accustomed to avoiding errors by suppressing them.



You need to use openssl s_client to discover the certificate’s chain (of example.com website) :



openssl s_client -connect example.com:443 -debug


Once you’ve figured out what the certificate chain looks like, then check your main certificate file, probably named cert.pem. Check to see if the certificates required by the site you’re trying to wget is in your certificate file. If not, you’ll need to acquire them and either append them to your main certificate file, or create a separate file and point to it with your wget command using the --ca-certificate option.






share|improve this answer




















  • I did put the certificate in /etc/pki/ca-trust/source/anchors/ . And ran the command update-ca-trust extract to update the same. But still its not working.
    – Arun Prakash
    Nov 26 at 10:35










  • Is --no-check-certificate option working?
    – finn
    Nov 26 at 10:38











  • its working. no problem with that. I want to know why this https fails
    – Arun Prakash
    Nov 26 at 10:39










  • which distro you're using? probably fedora
    – finn
    Nov 26 at 10:41











  • This failure occurs in centos
    – Arun Prakash
    Nov 26 at 10:43














up vote
0
down vote













Yes, you could take @panki(from comment) advice and use the --no-check-certificate option for wget, but that would be bad. Don’t get accustomed to avoiding errors by suppressing them.



You need to use openssl s_client to discover the certificate’s chain (of example.com website) :



openssl s_client -connect example.com:443 -debug


Once you’ve figured out what the certificate chain looks like, then check your main certificate file, probably named cert.pem. Check to see if the certificates required by the site you’re trying to wget is in your certificate file. If not, you’ll need to acquire them and either append them to your main certificate file, or create a separate file and point to it with your wget command using the --ca-certificate option.






share|improve this answer




















  • I did put the certificate in /etc/pki/ca-trust/source/anchors/ . And ran the command update-ca-trust extract to update the same. But still its not working.
    – Arun Prakash
    Nov 26 at 10:35










  • Is --no-check-certificate option working?
    – finn
    Nov 26 at 10:38











  • its working. no problem with that. I want to know why this https fails
    – Arun Prakash
    Nov 26 at 10:39










  • which distro you're using? probably fedora
    – finn
    Nov 26 at 10:41











  • This failure occurs in centos
    – Arun Prakash
    Nov 26 at 10:43












up vote
0
down vote










up vote
0
down vote









Yes, you could take @panki(from comment) advice and use the --no-check-certificate option for wget, but that would be bad. Don’t get accustomed to avoiding errors by suppressing them.



You need to use openssl s_client to discover the certificate’s chain (of example.com website) :



openssl s_client -connect example.com:443 -debug


Once you’ve figured out what the certificate chain looks like, then check your main certificate file, probably named cert.pem. Check to see if the certificates required by the site you’re trying to wget is in your certificate file. If not, you’ll need to acquire them and either append them to your main certificate file, or create a separate file and point to it with your wget command using the --ca-certificate option.






share|improve this answer












Yes, you could take @panki(from comment) advice and use the --no-check-certificate option for wget, but that would be bad. Don’t get accustomed to avoiding errors by suppressing them.



You need to use openssl s_client to discover the certificate’s chain (of example.com website) :



openssl s_client -connect example.com:443 -debug


Once you’ve figured out what the certificate chain looks like, then check your main certificate file, probably named cert.pem. Check to see if the certificates required by the site you’re trying to wget is in your certificate file. If not, you’ll need to acquire them and either append them to your main certificate file, or create a separate file and point to it with your wget command using the --ca-certificate option.







share|improve this answer












share|improve this answer



share|improve this answer










answered Nov 26 at 10:31









finn

1613




1613











  • I did put the certificate in /etc/pki/ca-trust/source/anchors/ . And ran the command update-ca-trust extract to update the same. But still its not working.
    – Arun Prakash
    Nov 26 at 10:35










  • Is --no-check-certificate option working?
    – finn
    Nov 26 at 10:38











  • its working. no problem with that. I want to know why this https fails
    – Arun Prakash
    Nov 26 at 10:39










  • which distro you're using? probably fedora
    – finn
    Nov 26 at 10:41











  • This failure occurs in centos
    – Arun Prakash
    Nov 26 at 10:43
















  • I did put the certificate in /etc/pki/ca-trust/source/anchors/ . And ran the command update-ca-trust extract to update the same. But still its not working.
    – Arun Prakash
    Nov 26 at 10:35










  • Is --no-check-certificate option working?
    – finn
    Nov 26 at 10:38











  • its working. no problem with that. I want to know why this https fails
    – Arun Prakash
    Nov 26 at 10:39










  • which distro you're using? probably fedora
    – finn
    Nov 26 at 10:41











  • This failure occurs in centos
    – Arun Prakash
    Nov 26 at 10:43















I did put the certificate in /etc/pki/ca-trust/source/anchors/ . And ran the command update-ca-trust extract to update the same. But still its not working.
– Arun Prakash
Nov 26 at 10:35




I did put the certificate in /etc/pki/ca-trust/source/anchors/ . And ran the command update-ca-trust extract to update the same. But still its not working.
– Arun Prakash
Nov 26 at 10:35












Is --no-check-certificate option working?
– finn
Nov 26 at 10:38





Is --no-check-certificate option working?
– finn
Nov 26 at 10:38













its working. no problem with that. I want to know why this https fails
– Arun Prakash
Nov 26 at 10:39




its working. no problem with that. I want to know why this https fails
– Arun Prakash
Nov 26 at 10:39












which distro you're using? probably fedora
– finn
Nov 26 at 10:41





which distro you're using? probably fedora
– finn
Nov 26 at 10:41













This failure occurs in centos
– Arun Prakash
Nov 26 at 10:43




This failure occurs in centos
– Arun Prakash
Nov 26 at 10:43


Popular posts from this blog

How to check contact read email or not when send email to Individual?

Displaying single band from multi-band raster using QGIS

How many registers does an x86_64 CPU actually have?