8

I have Cygwin installed in my windows system. I am trying to execute wget command for a website but I am getting the following error message:

ERROR: The certificate of `example.com' is not trusted.
ERROR: The certificate of `example.com' hasn't got a known issuer.

How do I fix this issue - so that I can proceed further.

Community
  • 1
Tripz
  • 81
  • 1
  • 1
  • 2

1 Answers1

9

If you don't care about checking the validity of the certificate just add the --no-check-certificate option on the wget command-line.

Edit:

Not checking the validity of the certificate opens you up to man-in-the-middle attacks (MiTM). Depending on the environment you're working in (over the Internet vs. a private LAN) this could be a major vulnerability. Your situation and risk profile should inform your decision.

If you do actually care about checking the validity of the certificate you should provide wget with a CA certificate "bundle". Cygwin provides this in the "ca-certificates" package. You can find more specific details in this Stack Overflow answer. It looks like there has been little consensus as to the location of the SSL certificate bundle for Cygwin in the past, resulting in the need to specify its location in configuration files or create symlinks to direct applications to the appropriate directory. Your mileage will vary depending on the version of Cygwin tools you're using.

Community
  • 1
Evan Anderson
  • 141,881
  • 20
  • 196
  • 331
  • 2
    I tried using -no-check-certificate but it did not help me. It is warning and moving forward but wget did not finish my execution I am trying something like this wget --post-data 'email=abc@xxx.com&action=submit&context=SIGNUP' http://www.landsend.com/cgi-bin/newsletter.cgi --no-check-certificate --save-cookies landsend.cookies --keep-session-cookies --load-cookies landsend.cookies – Tripz Jul 18 '12 at 22:22
  • Hmm... What kind of error message did it terminate with? I'm not sure I want to test that (because I don't really want to POST anything to their web site). – Evan Anderson Jul 18 '12 at 22:33
  • @EvanAnderson I was having the same issue described in the Question. Following your suggestion worked well. Thanks! – Perry Tew Jul 27 '12 at 13:39
  • with cygwin I have the same problem. – Edmondo Sep 16 '13 at 09:36
  • A better solution is probably to fix the certificate situation in the Cygwin environment. Install new CAs that can validate the SSL certificate of the site you're making requests to. – Alex Reynolds Dec 15 '16 at 00:52
  • @AlexReynolds - MiTM is certainly a serious vulnerability. Getting the right paths in the right places in Cygwin has also been problematic, though, too. Ultimately sysadmins need to be educated about the issue (understanding how trust works in a PKI) and make the right call for their risk profile. Balancing "I just need this to work right now one time" vs. "I need this to be the correct solution" is part of our daily balancing act. – Evan Anderson Dec 15 '16 at 16:53