[solved] how to install certs for use with wget?

Post here if you are a new Porteus member and you're looking for some help.
Post Reply
MacGuges
White ninja
White ninja
Posts: 14
Joined: 12 Aug 2014, 21:59
Distribution: Porteus 3
Location: Rochester, NY

[solved] how to install certs for use with wget?

Post#1 by MacGuges » 23 Oct 2014, 17:21

I've been interested in working through LFS (Linux From Scratch), so I attempted to download its list of recommended packages the other day. Eight packages failed to download. I've learned these downloads failed because wget did not have the appropriate certificates for secure http with their servers. No certificates exist under /etc/ssl (apparently the normative location for openssl on Slackware), but I did locate several certificates under /usr/share/purple/ca-certs. Still, giving that directory to wget did not work:

Code: Select all

root@porteus:/mnt/sda4/sources# wget --ca-directory=/usr/share/purple/ca-certs/ http://launchpad.net/intltool/trunk/0.50.2/+download/intltool-0.50.2.tar.gz -P $LFS/sources 
--2014-10-23 13:07:29--  http://launchpad.net/intltool/trunk/0.50.2/+download/intltool-0.50.2.tar.gz
Resolving launchpad.net (launchpad.net)... 91.189.89.222, 91.189.89.223
Connecting to launchpad.net (launchpad.net)|91.189.89.222|:80... connected.
HTTP request sent, awaiting response... 303 See Other
Location: https://launchpadlibrarian.net/94524169/intltool-0.50.2.tar.gz [following]
--2014-10-23 13:07:34--  https://launchpadlibrarian.net/94524169/intltool-0.50.2.tar.gz
Resolving launchpadlibrarian.net (launchpadlibrarian.net)... 91.189.89.229, 91.189.89.228
Connecting to launchpadlibrarian.net (launchpadlibrarian.net)|91.189.89.229|:443... connected.
ERROR: cannot verify launchpadlibrarian.net's certificate, issued by ‘/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2’:
  Unable to locally verify the issuer's authority.
To connect to launchpadlibrarian.net insecurely, use `--no-check-certificate'.
I'd rather not use --no-check-certificate and learn the proper, secure way to acquire download the packages. I've been searching for documentation on creating a cert.pem file (which is missing) and how to install certificates, but it occurs to me this problem may occur to others in the Porteus community, or there may exist a standard solution for Porteus already.
Last edited by MacGuges on 25 Oct 2014, 11:41, edited 1 time in total.

User avatar
fanthom
Site Admin
Site Admin
Posts: 4547
Joined: 28 Dec 2010, 02:42
Distribution: Porteus Kiosk
Location: Poland, currently - Cork, IE
Contact:

Re: how to install certs for use with wget?

Post#2 by fanthom » 23 Oct 2014, 17:45

please use this switch:

Code: Select all

--no-check-certificate
Please add [Solved] to your thread title if the solution was found.

User avatar
brokenman
Site Admin
Site Admin
Posts: 5436
Joined: 27 Dec 2010, 03:50
Distribution: Porteus v3.2rcX all desktops
Location: Brazil
Contact:

Re: how to install certs for use with wget?

Post#3 by brokenman » 23 Oct 2014, 18:05

How does an SSL certificate make downloading a slackware package (from the same domain name) any more secure? I assume you plan on installing the packages you download onto your system? You are worrying about the wrong thing in this scenario. A certificate will not make an iota of difference. The switch mentioned above was created for a reason.
How do i become super user?
Wear your underpants on the outside and put on a cape.

MacGuges
White ninja
White ninja
Posts: 14
Joined: 12 Aug 2014, 21:59
Distribution: Porteus 3
Location: Rochester, NY

[solved] Re: how to install certs for use with wget?

Post#4 by MacGuges » 23 Oct 2014, 21:37

brokenman wrote:How does an SSL certificate make downloading a slackware package (from the same domain name) any more secure? I assume you plan on installing the packages you download onto your system? You are worrying about the wrong thing in this scenario. A certificate will not make an iota of difference. The switch mentioned above was created for a reason.
You're right. After all, the md5sum tells me if there is any variation. I realize I was interested in solving the "problem" regardless of I needed it to be solved.

Post Reply