SSL certificates for use with wget

When I wget https resources, I'm unable to verify the certificates:

$ wget [url]https://google.com[/url]
Code:
--2012-06-29 10:56:13--  [url]https://google.com/[/url]
Resolving google.com (google.com)... 74.125.227.137, 74.125.227.142, 74.125.227.128, ...
Connecting to google.com (google.com)|74.125.227.137|:443... connected.
ERROR: cannot verify google.com's certificate, issued by `/C=US/O=Google Inc/CN=Google Internet Authority':
  Unable to locally verify the issuer's authority.
To connect to google.com insecurely, use `--no-check-certificate'.

I've installed security/ca_root_nss, which is the only maintained root certificate I could find. How do I go about downloading resources with wget without explicitly bypassing the certificate with --no-check-certificate?

I know that fetch() is in the base install, but I'm looking to use this in more complex arrangements, such as batch downloading large sets of files recursively, in a way not supported by fetch or curl. Is there an equivalent to the ca-certificates package on Debian-based distributions to handle the certs correctly?
 
Try giving the CA certificate file to ftp/wget with the --ca-certificate or the --ca-directory options. I think the problem is that ftp/wget uses the base system openssl(1) settings and search paths for certificates and /usr/local/share/certs/ are not included in the search path by default.

$ wget --ca-certificate /usr/local/share/certs/ca-root-nss.crt [url]https://www.google.com/[/url]

Edit: The above works for me. There's also an option in security/ca_root_nss to create a symbolic link in /etc/ssl that should make thing work automatically.
 
Back
Top