Use of https in terminal fails [closed]
Clash Royale CLAN TAG#URR8PPP
up vote
0
down vote
favorite
Use of http
in terminal seems to work fine.
But when I tried the same using https
, it fails.
When I try to get the same location with wget
. http works but https results in error - ERROR: Can not verify certificate attribute
and fails.
There seems to be no problem with proxy, everything is configured properly.
Its not only wget even yum
command and all other commands fails with https
.
Can someone explain the cause of this?
networking terminal http https
closed as unclear what you're asking by Rui F Ribeiro, G-Man, JigglyNaga, RalfFriedl, Jeff Schaller Nov 26 at 20:36
Please clarify your specific problem or add additional details to highlight exactly what you need. As it's currently written, it’s hard to tell exactly what you're asking. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question.
|
show 3 more comments
up vote
0
down vote
favorite
Use of http
in terminal seems to work fine.
But when I tried the same using https
, it fails.
When I try to get the same location with wget
. http works but https results in error - ERROR: Can not verify certificate attribute
and fails.
There seems to be no problem with proxy, everything is configured properly.
Its not only wget even yum
command and all other commands fails with https
.
Can someone explain the cause of this?
networking terminal http https
closed as unclear what you're asking by Rui F Ribeiro, G-Man, JigglyNaga, RalfFriedl, Jeff Schaller Nov 26 at 20:36
Please clarify your specific problem or add additional details to highlight exactly what you need. As it's currently written, it’s hard to tell exactly what you're asking. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question.
Can you share the failing command you are executing? The error seems to point to a CA missing in your systems trusted certificate store.
– Peschke
Nov 26 at 8:25
Are you very sure the error does not say "certificate authority"? This is usually 80% server error – the server is supposed to send not only its own certificate, but also intermediate certificates (think re-sellers) up to a small-ish list of trustworthy root authorities, a list of which is managed by your distribution. In the other 20%, the client does not know the root authority the server is using.
– Ulrich Schwarz
Nov 26 at 8:42
A quick workaround could probably be--no-check-certificate
– Panki
Nov 26 at 10:03
@Peschke I have placed the certificate in the certificate store. In centos its/etc/pki/ca-trust/source/anchors/
. But still results in error.
– Arun Prakash
Nov 26 at 10:28
@UlrichSchwarz . It seems to work properly for other machines. So there is no problem with server i guess. Can you explain me about the client side error?
– Arun Prakash
Nov 26 at 10:28
|
show 3 more comments
up vote
0
down vote
favorite
up vote
0
down vote
favorite
Use of http
in terminal seems to work fine.
But when I tried the same using https
, it fails.
When I try to get the same location with wget
. http works but https results in error - ERROR: Can not verify certificate attribute
and fails.
There seems to be no problem with proxy, everything is configured properly.
Its not only wget even yum
command and all other commands fails with https
.
Can someone explain the cause of this?
networking terminal http https
Use of http
in terminal seems to work fine.
But when I tried the same using https
, it fails.
When I try to get the same location with wget
. http works but https results in error - ERROR: Can not verify certificate attribute
and fails.
There seems to be no problem with proxy, everything is configured properly.
Its not only wget even yum
command and all other commands fails with https
.
Can someone explain the cause of this?
networking terminal http https
networking terminal http https
asked Nov 26 at 8:07
Arun Prakash
115
115
closed as unclear what you're asking by Rui F Ribeiro, G-Man, JigglyNaga, RalfFriedl, Jeff Schaller Nov 26 at 20:36
Please clarify your specific problem or add additional details to highlight exactly what you need. As it's currently written, it’s hard to tell exactly what you're asking. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question.
closed as unclear what you're asking by Rui F Ribeiro, G-Man, JigglyNaga, RalfFriedl, Jeff Schaller Nov 26 at 20:36
Please clarify your specific problem or add additional details to highlight exactly what you need. As it's currently written, it’s hard to tell exactly what you're asking. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question.
Can you share the failing command you are executing? The error seems to point to a CA missing in your systems trusted certificate store.
– Peschke
Nov 26 at 8:25
Are you very sure the error does not say "certificate authority"? This is usually 80% server error – the server is supposed to send not only its own certificate, but also intermediate certificates (think re-sellers) up to a small-ish list of trustworthy root authorities, a list of which is managed by your distribution. In the other 20%, the client does not know the root authority the server is using.
– Ulrich Schwarz
Nov 26 at 8:42
A quick workaround could probably be--no-check-certificate
– Panki
Nov 26 at 10:03
@Peschke I have placed the certificate in the certificate store. In centos its/etc/pki/ca-trust/source/anchors/
. But still results in error.
– Arun Prakash
Nov 26 at 10:28
@UlrichSchwarz . It seems to work properly for other machines. So there is no problem with server i guess. Can you explain me about the client side error?
– Arun Prakash
Nov 26 at 10:28
|
show 3 more comments
Can you share the failing command you are executing? The error seems to point to a CA missing in your systems trusted certificate store.
– Peschke
Nov 26 at 8:25
Are you very sure the error does not say "certificate authority"? This is usually 80% server error – the server is supposed to send not only its own certificate, but also intermediate certificates (think re-sellers) up to a small-ish list of trustworthy root authorities, a list of which is managed by your distribution. In the other 20%, the client does not know the root authority the server is using.
– Ulrich Schwarz
Nov 26 at 8:42
A quick workaround could probably be--no-check-certificate
– Panki
Nov 26 at 10:03
@Peschke I have placed the certificate in the certificate store. In centos its/etc/pki/ca-trust/source/anchors/
. But still results in error.
– Arun Prakash
Nov 26 at 10:28
@UlrichSchwarz . It seems to work properly for other machines. So there is no problem with server i guess. Can you explain me about the client side error?
– Arun Prakash
Nov 26 at 10:28
Can you share the failing command you are executing? The error seems to point to a CA missing in your systems trusted certificate store.
– Peschke
Nov 26 at 8:25
Can you share the failing command you are executing? The error seems to point to a CA missing in your systems trusted certificate store.
– Peschke
Nov 26 at 8:25
Are you very sure the error does not say "certificate authority"? This is usually 80% server error – the server is supposed to send not only its own certificate, but also intermediate certificates (think re-sellers) up to a small-ish list of trustworthy root authorities, a list of which is managed by your distribution. In the other 20%, the client does not know the root authority the server is using.
– Ulrich Schwarz
Nov 26 at 8:42
Are you very sure the error does not say "certificate authority"? This is usually 80% server error – the server is supposed to send not only its own certificate, but also intermediate certificates (think re-sellers) up to a small-ish list of trustworthy root authorities, a list of which is managed by your distribution. In the other 20%, the client does not know the root authority the server is using.
– Ulrich Schwarz
Nov 26 at 8:42
A quick workaround could probably be
--no-check-certificate
– Panki
Nov 26 at 10:03
A quick workaround could probably be
--no-check-certificate
– Panki
Nov 26 at 10:03
@Peschke I have placed the certificate in the certificate store. In centos its
/etc/pki/ca-trust/source/anchors/
. But still results in error.– Arun Prakash
Nov 26 at 10:28
@Peschke I have placed the certificate in the certificate store. In centos its
/etc/pki/ca-trust/source/anchors/
. But still results in error.– Arun Prakash
Nov 26 at 10:28
@UlrichSchwarz . It seems to work properly for other machines. So there is no problem with server i guess. Can you explain me about the client side error?
– Arun Prakash
Nov 26 at 10:28
@UlrichSchwarz . It seems to work properly for other machines. So there is no problem with server i guess. Can you explain me about the client side error?
– Arun Prakash
Nov 26 at 10:28
|
show 3 more comments
1 Answer
1
active
oldest
votes
up vote
0
down vote
Yes, you could take @panki(from comment) advice and use the --no-check-certificate
option for wget, but that would be bad. Don’t get accustomed to avoiding errors by suppressing them.
You need to use openssl s_client
to discover the certificate’s chain (of example.com website) :
openssl s_client -connect example.com:443 -debug
Once you’ve figured out what the certificate chain looks like, then check your main certificate file, probably named cert.pem
. Check to see if the certificates required by the site you’re trying to wget is in your certificate file. If not, you’ll need to acquire them and either append them to your main certificate file, or create a separate file and point to it with your wget command using the --ca-certificate
option.
I did put the certificate in/etc/pki/ca-trust/source/anchors/
. And ran the commandupdate-ca-trust extract
to update the same. But still its not working.
– Arun Prakash
Nov 26 at 10:35
Is--no-check-certificate
option working?
– finn
Nov 26 at 10:38
its working. no problem with that. I want to know why thishttps
fails
– Arun Prakash
Nov 26 at 10:39
which distro you're using? probably fedora
– finn
Nov 26 at 10:41
This failure occurs in centos
– Arun Prakash
Nov 26 at 10:43
add a comment |
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
Yes, you could take @panki(from comment) advice and use the --no-check-certificate
option for wget, but that would be bad. Don’t get accustomed to avoiding errors by suppressing them.
You need to use openssl s_client
to discover the certificate’s chain (of example.com website) :
openssl s_client -connect example.com:443 -debug
Once you’ve figured out what the certificate chain looks like, then check your main certificate file, probably named cert.pem
. Check to see if the certificates required by the site you’re trying to wget is in your certificate file. If not, you’ll need to acquire them and either append them to your main certificate file, or create a separate file and point to it with your wget command using the --ca-certificate
option.
I did put the certificate in/etc/pki/ca-trust/source/anchors/
. And ran the commandupdate-ca-trust extract
to update the same. But still its not working.
– Arun Prakash
Nov 26 at 10:35
Is--no-check-certificate
option working?
– finn
Nov 26 at 10:38
its working. no problem with that. I want to know why thishttps
fails
– Arun Prakash
Nov 26 at 10:39
which distro you're using? probably fedora
– finn
Nov 26 at 10:41
This failure occurs in centos
– Arun Prakash
Nov 26 at 10:43
add a comment |
up vote
0
down vote
Yes, you could take @panki(from comment) advice and use the --no-check-certificate
option for wget, but that would be bad. Don’t get accustomed to avoiding errors by suppressing them.
You need to use openssl s_client
to discover the certificate’s chain (of example.com website) :
openssl s_client -connect example.com:443 -debug
Once you’ve figured out what the certificate chain looks like, then check your main certificate file, probably named cert.pem
. Check to see if the certificates required by the site you’re trying to wget is in your certificate file. If not, you’ll need to acquire them and either append them to your main certificate file, or create a separate file and point to it with your wget command using the --ca-certificate
option.
I did put the certificate in/etc/pki/ca-trust/source/anchors/
. And ran the commandupdate-ca-trust extract
to update the same. But still its not working.
– Arun Prakash
Nov 26 at 10:35
Is--no-check-certificate
option working?
– finn
Nov 26 at 10:38
its working. no problem with that. I want to know why thishttps
fails
– Arun Prakash
Nov 26 at 10:39
which distro you're using? probably fedora
– finn
Nov 26 at 10:41
This failure occurs in centos
– Arun Prakash
Nov 26 at 10:43
add a comment |
up vote
0
down vote
up vote
0
down vote
Yes, you could take @panki(from comment) advice and use the --no-check-certificate
option for wget, but that would be bad. Don’t get accustomed to avoiding errors by suppressing them.
You need to use openssl s_client
to discover the certificate’s chain (of example.com website) :
openssl s_client -connect example.com:443 -debug
Once you’ve figured out what the certificate chain looks like, then check your main certificate file, probably named cert.pem
. Check to see if the certificates required by the site you’re trying to wget is in your certificate file. If not, you’ll need to acquire them and either append them to your main certificate file, or create a separate file and point to it with your wget command using the --ca-certificate
option.
Yes, you could take @panki(from comment) advice and use the --no-check-certificate
option for wget, but that would be bad. Don’t get accustomed to avoiding errors by suppressing them.
You need to use openssl s_client
to discover the certificate’s chain (of example.com website) :
openssl s_client -connect example.com:443 -debug
Once you’ve figured out what the certificate chain looks like, then check your main certificate file, probably named cert.pem
. Check to see if the certificates required by the site you’re trying to wget is in your certificate file. If not, you’ll need to acquire them and either append them to your main certificate file, or create a separate file and point to it with your wget command using the --ca-certificate
option.
answered Nov 26 at 10:31
finn
1613
1613
I did put the certificate in/etc/pki/ca-trust/source/anchors/
. And ran the commandupdate-ca-trust extract
to update the same. But still its not working.
– Arun Prakash
Nov 26 at 10:35
Is--no-check-certificate
option working?
– finn
Nov 26 at 10:38
its working. no problem with that. I want to know why thishttps
fails
– Arun Prakash
Nov 26 at 10:39
which distro you're using? probably fedora
– finn
Nov 26 at 10:41
This failure occurs in centos
– Arun Prakash
Nov 26 at 10:43
add a comment |
I did put the certificate in/etc/pki/ca-trust/source/anchors/
. And ran the commandupdate-ca-trust extract
to update the same. But still its not working.
– Arun Prakash
Nov 26 at 10:35
Is--no-check-certificate
option working?
– finn
Nov 26 at 10:38
its working. no problem with that. I want to know why thishttps
fails
– Arun Prakash
Nov 26 at 10:39
which distro you're using? probably fedora
– finn
Nov 26 at 10:41
This failure occurs in centos
– Arun Prakash
Nov 26 at 10:43
I did put the certificate in
/etc/pki/ca-trust/source/anchors/
. And ran the command update-ca-trust extract
to update the same. But still its not working.– Arun Prakash
Nov 26 at 10:35
I did put the certificate in
/etc/pki/ca-trust/source/anchors/
. And ran the command update-ca-trust extract
to update the same. But still its not working.– Arun Prakash
Nov 26 at 10:35
Is
--no-check-certificate
option working?– finn
Nov 26 at 10:38
Is
--no-check-certificate
option working?– finn
Nov 26 at 10:38
its working. no problem with that. I want to know why this
https
fails– Arun Prakash
Nov 26 at 10:39
its working. no problem with that. I want to know why this
https
fails– Arun Prakash
Nov 26 at 10:39
which distro you're using? probably fedora
– finn
Nov 26 at 10:41
which distro you're using? probably fedora
– finn
Nov 26 at 10:41
This failure occurs in centos
– Arun Prakash
Nov 26 at 10:43
This failure occurs in centos
– Arun Prakash
Nov 26 at 10:43
add a comment |
Can you share the failing command you are executing? The error seems to point to a CA missing in your systems trusted certificate store.
– Peschke
Nov 26 at 8:25
Are you very sure the error does not say "certificate authority"? This is usually 80% server error – the server is supposed to send not only its own certificate, but also intermediate certificates (think re-sellers) up to a small-ish list of trustworthy root authorities, a list of which is managed by your distribution. In the other 20%, the client does not know the root authority the server is using.
– Ulrich Schwarz
Nov 26 at 8:42
A quick workaround could probably be
--no-check-certificate
– Panki
Nov 26 at 10:03
@Peschke I have placed the certificate in the certificate store. In centos its
/etc/pki/ca-trust/source/anchors/
. But still results in error.– Arun Prakash
Nov 26 at 10:28
@UlrichSchwarz . It seems to work properly for other machines. So there is no problem with server i guess. Can you explain me about the client side error?
– Arun Prakash
Nov 26 at 10:28