Solved

wget help

Posted on 2011-09-18
23
1,457 Views
Last Modified: 2012-05-12
Hi Experts
i am trying to download webpages of secured web site using wget on fedora .do i need to configure openssl ? Currently i am trying to run wget which is not confgiured and i am getting 404 error. Can somebody suggest how do i configure openssl  this so that i  write i script to download webpages .


Thanks
0
Comment
Question by:devlearn
  • 10
  • 8
  • 5
23 Comments
 
LVL 10

Expert Comment

by:acbxyz
ID: 36556503
You don't need special configuration for that.
Just replace http:// with https:// and it should work.

Is it a public site, if can you tell us which?
0
 

Author Comment

by:devlearn
ID: 36556684
here is the log what is says

--2011-09-18 20:57:27--  https://fedorahosted.org/
Resolving fedorahosted.org... 66.135.52.17
Connecting to fedorahosted.org|66.135.52.17|:443... connected.
ERROR: cannot verify fedorahosted.org's certificate, issued by `/C=US/O=GeoTrust
, Inc./CN=GeoTrust SSL CA':
  Unable to locally verify the issuer's authority.
To connect to fedorahosted.org insecurely, use `--no-check-certificate'.
Unable to establish SSL connection.

seems i need to store certificate in ssl if i am not wrong

is there any way i can get out of this by storing certificate ?
0
 
LVL 10

Expert Comment

by:acbxyz
ID: 36556747
You can install the most needed/most nessecary certificates by installing this package
yum install ca-certificates
The attached certificate (or its content) should be found inside /etc/ssl/certs afterwards.
GeoTrustGlobalCA.txt
0
 

Author Comment

by:devlearn
ID: 36557142
sorry i am nto too sure how you did it. Does yum install ca-certificate install all  pre requisites certificate?
How did you arrive that certificate is from geo trustGlobal ? seems from the error message i have shown. However if i wish to install from any other ssl site how do i know what are the correct steps in which i am able to generate the certificate. Please explain

Appreciate your help
0
 
LVL 10

Expert Comment

by:acbxyz
ID: 36557202
I surfed fedorahosted.org myself and used firefox's method to show its root certificate.
Because you don't want all certificates out there in your database, there are some companys which deploy certificates. These have so called "root certificats". Each other certificate they hand out can be verified with this one root certificate.
In this case it is a 2 step certification. The certificate of "fedorahosted.org" is signed by "GeoTrust SSL CA" as shown in your error message. This certificate itself is signed by the root certificate "GeoTrust Global CA"
If you have this GeoTrust Global CA certificate installed your computer is able to verify that all other certificates, which are signed by it, are valid.
ca-certificates contains root certificates from GeoTrust, VeriSign, GlobalSign, Thawte and many other trustable certification authorities.
0
 
LVL 7

Expert Comment

by:jackiechen858
ID: 36557380
A easy solution is just put "--no-check-certificate"  to run wget.
0
 
LVL 10

Expert Comment

by:acbxyz
ID: 36557399
In this case you probably can use plain http and save the ssl handshake overhead.
Because here an ordinary root certificate is used I would suggest to install it.
As quick and dirty solution --no-check-certificate is still an option.
0
 

Author Comment

by:devlearn
ID: 36560540
Thanks for all the input. I was trying best to achieve at the solution. I can't provide you the secured URL as this is hosted internal so wont make sense . also i tried using the web site for which i was trying to use is jazz.net for testing. It is hosted as https://jazz.net/. It has a required login and password. As a test purpose i want to download a webpage for analytics purpose

below is the log

Resolving jazz.net... 199.246.40.51
Connecting to jazz.net|199.246.40.51|:443... connected.
ERROR: cannot verify jazz.net's certificate, issued by `/C=US/O=Equifax/OU=Equif
ax Secure Certificate Authority':
  Self-signed certificate encountered.
To connect to jazz.net insecurely, use `--no-check-certificate'.
Unable to establish SSL connection.
'id' is not recognized as an internal or external command,
operable program or batch file.

i even tried using option --no-check-certificate but it did not help me either.

Connecting to jazz.net|199.246.40.51|:443... connected.
WARNING: cannot verify jazz.net's certificate, issued by `/C=US/O=Equifax/OU=Equ
ifax Secure Certificate Authority':
  Self-signed certificate encountered.

seems i am missing something. can you suggest me the steps( though i am trying on wget on windows but i am sure it wont help me unix either.)

0
 
LVL 7

Expert Comment

by:jackiechen858
ID: 36560787
hmm,  --no-check-certificate should bypass the step to verify certificate. how did you run it?

are you running it as

"wget  --no-check-certificate https://jazz.net/" ?

run "wget --help" and check if it support --no-check-certificate. If not, then you should get a updated wget.
0
 

Author Comment

by:devlearn
ID: 36560919
it seems mine wget does support nocheck certificate option


below is the log

C:\wget>wget --help
GNU Wget 1.11.4, a non-interactive network retriever.
Usage: wget [OPTION]... [URL]...

Mandatory arguments to long options are mandatory for short options too.

Startup:
  -V,  --version           display the version of Wget and exit.
  -h,  --help              print this help.
  -b,  --background        go to background after startup.
  -e,  --execute=COMMAND   execute a `.wgetrc'-style command.

Logging and input file:
  -o,  --output-file=FILE    log messages to FILE.
  -a,  --append-output=FILE  append messages to FILE.
  -d,  --debug               print lots of debugging information.
  -q,  --quiet               quiet (no output).
  -v,  --verbose             be verbose (this is the default).
  -nv, --no-verbose          turn off verboseness, without being quiet.
  -i,  --input-file=FILE     download URLs found in FILE.
  -F,  --force-html          treat input file as HTML.
  -B,  --base=URL            prepends URL to relative links in -F -i file.

Download:
  -t,  --tries=NUMBER            set number of retries to NUMBER (0 unlimits).
       --retry-connrefused       retry even if connection is refused.
  -O,  --output-document=FILE    write documents to FILE.
  -nc, --no-clobber              skip downloads that would download to
                                 existing files.
  -c,  --continue                resume getting a partially-downloaded file.
       --progress=TYPE           select progress gauge type.
  -N,  --timestamping            don't re-retrieve files unless newer than
                                 local.
  -S,  --server-response         print server response.
       --spider                  don't download anything.
  -T,  --timeout=SECONDS         set all timeout values to SECONDS.
       --dns-timeout=SECS        set the DNS lookup timeout to SECS.
       --connect-timeout=SECS    set the connect timeout to SECS.
       --read-timeout=SECS       set the read timeout to SECS.
  -w,  --wait=SECONDS            wait SECONDS between retrievals.
       --waitretry=SECONDS       wait 1..SECONDS between retries of a retrieval.

       --random-wait             wait from 0...2*WAIT secs between retrievals.
       --no-proxy                explicitly turn off proxy.
  -Q,  --quota=NUMBER            set retrieval quota to NUMBER.
       --bind-address=ADDRESS    bind to ADDRESS (hostname or IP) on local host.

       --limit-rate=RATE         limit download rate to RATE.
       --no-dns-cache            disable caching DNS lookups.
       --restrict-file-names=OS  restrict chars in file names to ones OS allows.

       --ignore-case             ignore case when matching files/directories.
       --user=USER               set both ftp and http user to USER.
       --password=PASS           set both ftp and http password to PASS.

Directories:
  -nd, --no-directories           don't create directories.
  -x,  --force-directories        force creation of directories.
  -nH, --no-host-directories      don't create host directories.
       --protocol-directories     use protocol name in directories.
  -P,  --directory-prefix=PREFIX  save files to PREFIX/...
       --cut-dirs=NUMBER          ignore NUMBER remote directory components.

HTTP options:
       --http-user=USER        set http user to USER.
       --http-password=PASS    set http password to PASS.
       --no-cache              disallow server-cached data.
  -E,  --html-extension        save HTML documents with `.html' extension.
       --ignore-length         ignore `Content-Length' header field.
       --header=STRING         insert STRING among the headers.
       --max-redirect          maximum redirections allowed per page.
       --proxy-user=USER       set USER as proxy username.
       --proxy-password=PASS   set PASS as proxy password.
       --referer=URL           include `Referer: URL' header in HTTP request.
       --save-headers          save the HTTP headers to file.
  -U,  --user-agent=AGENT      identify as AGENT instead of Wget/VERSION.
       --no-http-keep-alive    disable HTTP keep-alive (persistent connections).

       --no-cookies            don't use cookies.
       --load-cookies=FILE     load cookies from FILE before session.
       --save-cookies=FILE     save cookies to FILE after session.
       --keep-session-cookies  load and save session (non-permanent) cookies.
       --post-data=STRING      use the POST method; send STRING as the data.
       --post-file=FILE        use the POST method; send contents of FILE.
       --content-disposition   honor the Content-Disposition header when
                               choosing local file names (EXPERIMENTAL).
       --auth-no-challenge     Send Basic HTTP authentication information
                               without first waiting for the server's
                               challenge.

HTTPS (SSL/TLS) options:
       --secure-protocol=PR     choose secure protocol, one of auto, SSLv2,
                                SSLv3, and TLSv1.
       --no-check-certificate   don't validate the server's certificate.
       --certificate=FILE       client certificate file.
       --certificate-type=TYPE  client certificate type, PEM or DER.
       --private-key=FILE       private key file.
       --private-key-type=TYPE  private key type, PEM or DER.
       --ca-certificate=FILE    file with the bundle of CA's.
       --ca-directory=DIR       directory where hash list of CA's is stored.
       --random-file=FILE       file with random data for seeding the SSL PRNG.
       --egd-file=FILE          file naming the EGD socket with random data.

FTP options:
       --ftp-user=USER         set ftp user to USER.
       --ftp-password=PASS     set ftp password to PASS.
       --no-remove-listing     don't remove `.listing' files.
       --no-glob               turn off FTP file name globbing.
       --no-passive-ftp        disable the "passive" transfer mode.
       --retr-symlinks         when recursing, get linked-to files (not dir).
       --preserve-permissions  preserve remote file permissions.

Recursive download:
  -r,  --recursive          specify recursive download.
  -l,  --level=NUMBER       maximum recursion depth (inf or 0 for infinite).
       --delete-after       delete files locally after downloading them.
  -k,  --convert-links      make links in downloaded HTML point to local files.
  -K,  --backup-converted   before converting file X, back up as X.orig.
  -m,  --mirror             shortcut for -N -r -l inf --no-remove-listing.
  -p,  --page-requisites    get all images, etc. needed to display HTML page.
       --strict-comments    turn on strict (SGML) handling of HTML comments.

Recursive accept/reject:
  -A,  --accept=LIST               comma-separated list of accepted extensions.
0
 
LVL 7

Expert Comment

by:jackiechen858
ID: 36560953
Yeah, try to get a new version wget. here is one: http://users.ugent.be/~bpuype/wget/

this one support  --no-check-certificate
0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 
LVL 7

Expert Comment

by:jackiechen858
ID: 36560976
oh wait, your wget already support  --no-check-certificate, weird.
0
 
LVL 7

Expert Comment

by:jackiechen858
ID: 36560990

"Connecting to jazz.net|199.246.40.51|:443... connected.
WARNING: cannot verify jazz.net's certificate, issued by `/C=US/O=Equifax/OU=Equ
ifax Secure Certificate Authority':
  Self-signed certificate encountered."

Seems this is just a warning, not error, can you get the output page anyway?
0
 

Author Comment

by:devlearn
ID: 36561146
No, i checked that at very first while updating here.
0
 
LVL 10

Expert Comment

by:acbxyz
ID: 36561973
It is your error message from #36560540, which says you can use --no-check-certificate. If you get a warning using it, it is just a informational warning. You should be able to download all files via https. If not, what is the full message you get?
0
 

Author Comment

by:devlearn
ID: 36562261
here is what i get (pasted earlier)

Resolving jazz.net... 199.246.40.51
Connecting to jazz.net|199.246.40.51|:443... connected.
ERROR: cannot verify jazz.net's certificate, issued by `/C=US/O=Equifax/OU=Equif
ax Secure Certificate Authority':
  Self-signed certificate encountered.
To connect to jazz.net insecurely, use `--no-check-certificate'.
Unable to establish SSL connection.
'id' is not recognized as an internal or external command,
operable program or batch file.

I am able to download a html page which is basically login page asking for user id and pass. Is there any way i can provide user id and password at run time . Seems if user id and password is provided it can go ahead and download the required webpage.

Any suggestions


0
 

Author Comment

by:devlearn
ID: 36562344
seems one of the solution is provided at the below

http://trog.qgl.org/20061026/httpsssl-with-wget/

Trying this out
0
 
LVL 10

Expert Comment

by:acbxyz
ID: 36562361
This is without --no-check-certificate.
What do you want at all? You can't send a user id and password to a login site and download another file using the same credentials is 99%. If you log on some site, you get a cookie with an id, which will be sent to every other download request on this page. wget can't do this alone.
To sent userid and password to a server, you can either use get (http://domain.tld/path/to/file?userid=myname&password=secret) or post (--post-data='userid=myname&password=secret' http://domain.tld/path/to/file)
Which way works depends on your host.
0
 

Author Comment

by:devlearn
ID: 36562747
seems i am not clear with the last comment 36562361 . What now exactly i need to follow to make this work going . I tried the link trog.qgl.org/20061026/httpsssl-with-wget/ also but that too in vain. This is making me more confusing. suggest how do i get out of this . AM i missing something that you are trying to state?
0
 
LVL 10

Expert Comment

by:acbxyz
ID: 36562992
I am a bit confused about your last posted output, I think there are two problems.
One is the self signed ssl certificate. To solve this, you can either download the certifcate and use it with wget option ca-certificate=certificate.pem. But you don't need to download the file linked at tog.ggl.org because your self signed certificate won't be contained. In my point of view, the easiest way to get this pem file is to surf the https file using a browser and export the certificate from there. This is possible with openssl, too, but I need it too rarely to remember this command.
Another method to solve it is the often mentioned option --no-check-certificate. This will print a warning but apart from that work completely.


Your second problem, the one I tried to answer in #36562361 is this from your last posting:
'id' is not recognized as an internal or external command,
operable program or batch file.

Open in new window

You are trying to do something wget doesn't understand.
0
 

Author Comment

by:devlearn
ID: 36567864
Have been trying but no luck .

Can you suggets me the command how to get the self signed certificate. I have been trying but still i am not able to install certifcate.pem as you suggested .
what is the command i should be using? I If possible can you provide the way on windows cmd if possible . If not i can also try on unix as well (hope the command wouldnt differ much)
1. Using SSL
2. Through a browser

I would like to check with both the option .
 
0
 
LVL 10

Accepted Solution

by:
acbxyz earned 250 total points
ID: 36568278
1. On unix, to do this on windows you need openssl installed. The sed-command just extracts the part from BEGIN to END including from the output to only get the needed part.
openssl s_client -connect $yourhost:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > certificate.pem

2. see the attached screen shots. The resulting pem file can be used as it is.

wget --ca-certificate=certificate.pem https://$yourhost/
certexport1.png
certexport2.png
0
 

Author Closing Comment

by:devlearn
ID: 36574225
Finally got through. Thanks all for your help
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Using libpcap/Jpcap to capture and send packets on Solaris version (10/11) Library used: 1.      Libpcap (http://www.tcpdump.org) Version 1.2 2.      Jpcap(http://netresearch.ics.uci.edu/kfujii/Jpcap/doc/index.html) Version 0.6 Prerequisite: 1.      GCC …
Setting up Secure Ubuntu server on VMware 1.      Insert the Ubuntu Server distribution CD or attach the ISO of the CD which is in the “Datastore”. Note that it is important to install the x64 edition on servers, not the X86 editions. 2.      Power on th…
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now