Go Premium for a chance to win a PS4. Enter to Win

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1594
  • Last Modified:

wget help

Hi Experts
i am trying to download webpages of secured web site using wget on fedora .do i need to configure openssl ? Currently i am trying to run wget which is not confgiured and i am getting 404 error. Can somebody suggest how do i configure openssl  this so that i  write i script to download webpages .

  • 10
  • 8
  • 5
1 Solution
You don't need special configuration for that.
Just replace http:// with https:// and it should work.

Is it a public site, if can you tell us which?
devlearnAuthor Commented:
here is the log what is says

--2011-09-18 20:57:27--  https://fedorahosted.org/
Resolving fedorahosted.org...
Connecting to fedorahosted.org||:443... connected.
ERROR: cannot verify fedorahosted.org's certificate, issued by `/C=US/O=GeoTrust
, Inc./CN=GeoTrust SSL CA':
  Unable to locally verify the issuer's authority.
To connect to fedorahosted.org insecurely, use `--no-check-certificate'.
Unable to establish SSL connection.

seems i need to store certificate in ssl if i am not wrong

is there any way i can get out of this by storing certificate ?
You can install the most needed/most nessecary certificates by installing this package
yum install ca-certificates
The attached certificate (or its content) should be found inside /etc/ssl/certs afterwards.
Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

devlearnAuthor Commented:
sorry i am nto too sure how you did it. Does yum install ca-certificate install all  pre requisites certificate?
How did you arrive that certificate is from geo trustGlobal ? seems from the error message i have shown. However if i wish to install from any other ssl site how do i know what are the correct steps in which i am able to generate the certificate. Please explain

Appreciate your help
I surfed fedorahosted.org myself and used firefox's method to show its root certificate.
Because you don't want all certificates out there in your database, there are some companys which deploy certificates. These have so called "root certificats". Each other certificate they hand out can be verified with this one root certificate.
In this case it is a 2 step certification. The certificate of "fedorahosted.org" is signed by "GeoTrust SSL CA" as shown in your error message. This certificate itself is signed by the root certificate "GeoTrust Global CA"
If you have this GeoTrust Global CA certificate installed your computer is able to verify that all other certificates, which are signed by it, are valid.
ca-certificates contains root certificates from GeoTrust, VeriSign, GlobalSign, Thawte and many other trustable certification authorities.
A easy solution is just put "--no-check-certificate"  to run wget.
In this case you probably can use plain http and save the ssl handshake overhead.
Because here an ordinary root certificate is used I would suggest to install it.
As quick and dirty solution --no-check-certificate is still an option.
devlearnAuthor Commented:
Thanks for all the input. I was trying best to achieve at the solution. I can't provide you the secured URL as this is hosted internal so wont make sense . also i tried using the web site for which i was trying to use is jazz.net for testing. It is hosted as https://jazz.net/. It has a required login and password. As a test purpose i want to download a webpage for analytics purpose

below is the log

Resolving jazz.net...
Connecting to jazz.net||:443... connected.
ERROR: cannot verify jazz.net's certificate, issued by `/C=US/O=Equifax/OU=Equif
ax Secure Certificate Authority':
  Self-signed certificate encountered.
To connect to jazz.net insecurely, use `--no-check-certificate'.
Unable to establish SSL connection.
'id' is not recognized as an internal or external command,
operable program or batch file.

i even tried using option --no-check-certificate but it did not help me either.

Connecting to jazz.net||:443... connected.
WARNING: cannot verify jazz.net's certificate, issued by `/C=US/O=Equifax/OU=Equ
ifax Secure Certificate Authority':
  Self-signed certificate encountered.

seems i am missing something. can you suggest me the steps( though i am trying on wget on windows but i am sure it wont help me unix either.)

hmm,  --no-check-certificate should bypass the step to verify certificate. how did you run it?

are you running it as

"wget  --no-check-certificate https://jazz.net/" ?

run "wget --help" and check if it support --no-check-certificate. If not, then you should get a updated wget.
devlearnAuthor Commented:
it seems mine wget does support nocheck certificate option

below is the log

C:\wget>wget --help
GNU Wget 1.11.4, a non-interactive network retriever.
Usage: wget [OPTION]... [URL]...

Mandatory arguments to long options are mandatory for short options too.

  -V,  --version           display the version of Wget and exit.
  -h,  --help              print this help.
  -b,  --background        go to background after startup.
  -e,  --execute=COMMAND   execute a `.wgetrc'-style command.

Logging and input file:
  -o,  --output-file=FILE    log messages to FILE.
  -a,  --append-output=FILE  append messages to FILE.
  -d,  --debug               print lots of debugging information.
  -q,  --quiet               quiet (no output).
  -v,  --verbose             be verbose (this is the default).
  -nv, --no-verbose          turn off verboseness, without being quiet.
  -i,  --input-file=FILE     download URLs found in FILE.
  -F,  --force-html          treat input file as HTML.
  -B,  --base=URL            prepends URL to relative links in -F -i file.

  -t,  --tries=NUMBER            set number of retries to NUMBER (0 unlimits).
       --retry-connrefused       retry even if connection is refused.
  -O,  --output-document=FILE    write documents to FILE.
  -nc, --no-clobber              skip downloads that would download to
                                 existing files.
  -c,  --continue                resume getting a partially-downloaded file.
       --progress=TYPE           select progress gauge type.
  -N,  --timestamping            don't re-retrieve files unless newer than
  -S,  --server-response         print server response.
       --spider                  don't download anything.
  -T,  --timeout=SECONDS         set all timeout values to SECONDS.
       --dns-timeout=SECS        set the DNS lookup timeout to SECS.
       --connect-timeout=SECS    set the connect timeout to SECS.
       --read-timeout=SECS       set the read timeout to SECS.
  -w,  --wait=SECONDS            wait SECONDS between retrievals.
       --waitretry=SECONDS       wait 1..SECONDS between retries of a retrieval.

       --random-wait             wait from 0...2*WAIT secs between retrievals.
       --no-proxy                explicitly turn off proxy.
  -Q,  --quota=NUMBER            set retrieval quota to NUMBER.
       --bind-address=ADDRESS    bind to ADDRESS (hostname or IP) on local host.

       --limit-rate=RATE         limit download rate to RATE.
       --no-dns-cache            disable caching DNS lookups.
       --restrict-file-names=OS  restrict chars in file names to ones OS allows.

       --ignore-case             ignore case when matching files/directories.
       --user=USER               set both ftp and http user to USER.
       --password=PASS           set both ftp and http password to PASS.

  -nd, --no-directories           don't create directories.
  -x,  --force-directories        force creation of directories.
  -nH, --no-host-directories      don't create host directories.
       --protocol-directories     use protocol name in directories.
  -P,  --directory-prefix=PREFIX  save files to PREFIX/...
       --cut-dirs=NUMBER          ignore NUMBER remote directory components.

HTTP options:
       --http-user=USER        set http user to USER.
       --http-password=PASS    set http password to PASS.
       --no-cache              disallow server-cached data.
  -E,  --html-extension        save HTML documents with `.html' extension.
       --ignore-length         ignore `Content-Length' header field.
       --header=STRING         insert STRING among the headers.
       --max-redirect          maximum redirections allowed per page.
       --proxy-user=USER       set USER as proxy username.
       --proxy-password=PASS   set PASS as proxy password.
       --referer=URL           include `Referer: URL' header in HTTP request.
       --save-headers          save the HTTP headers to file.
  -U,  --user-agent=AGENT      identify as AGENT instead of Wget/VERSION.
       --no-http-keep-alive    disable HTTP keep-alive (persistent connections).

       --no-cookies            don't use cookies.
       --load-cookies=FILE     load cookies from FILE before session.
       --save-cookies=FILE     save cookies to FILE after session.
       --keep-session-cookies  load and save session (non-permanent) cookies.
       --post-data=STRING      use the POST method; send STRING as the data.
       --post-file=FILE        use the POST method; send contents of FILE.
       --content-disposition   honor the Content-Disposition header when
                               choosing local file names (EXPERIMENTAL).
       --auth-no-challenge     Send Basic HTTP authentication information
                               without first waiting for the server's

HTTPS (SSL/TLS) options:
       --secure-protocol=PR     choose secure protocol, one of auto, SSLv2,
                                SSLv3, and TLSv1.
       --no-check-certificate   don't validate the server's certificate.
       --certificate=FILE       client certificate file.
       --certificate-type=TYPE  client certificate type, PEM or DER.
       --private-key=FILE       private key file.
       --private-key-type=TYPE  private key type, PEM or DER.
       --ca-certificate=FILE    file with the bundle of CA's.
       --ca-directory=DIR       directory where hash list of CA's is stored.
       --random-file=FILE       file with random data for seeding the SSL PRNG.
       --egd-file=FILE          file naming the EGD socket with random data.

FTP options:
       --ftp-user=USER         set ftp user to USER.
       --ftp-password=PASS     set ftp password to PASS.
       --no-remove-listing     don't remove `.listing' files.
       --no-glob               turn off FTP file name globbing.
       --no-passive-ftp        disable the "passive" transfer mode.
       --retr-symlinks         when recursing, get linked-to files (not dir).
       --preserve-permissions  preserve remote file permissions.

Recursive download:
  -r,  --recursive          specify recursive download.
  -l,  --level=NUMBER       maximum recursion depth (inf or 0 for infinite).
       --delete-after       delete files locally after downloading them.
  -k,  --convert-links      make links in downloaded HTML point to local files.
  -K,  --backup-converted   before converting file X, back up as X.orig.
  -m,  --mirror             shortcut for -N -r -l inf --no-remove-listing.
  -p,  --page-requisites    get all images, etc. needed to display HTML page.
       --strict-comments    turn on strict (SGML) handling of HTML comments.

Recursive accept/reject:
  -A,  --accept=LIST               comma-separated list of accepted extensions.
Yeah, try to get a new version wget. here is one: http://users.ugent.be/~bpuype/wget/

this one support  --no-check-certificate
oh wait, your wget already support  --no-check-certificate, weird.

"Connecting to jazz.net||:443... connected.
WARNING: cannot verify jazz.net's certificate, issued by `/C=US/O=Equifax/OU=Equ
ifax Secure Certificate Authority':
  Self-signed certificate encountered."

Seems this is just a warning, not error, can you get the output page anyway?
devlearnAuthor Commented:
No, i checked that at very first while updating here.
It is your error message from #36560540, which says you can use --no-check-certificate. If you get a warning using it, it is just a informational warning. You should be able to download all files via https. If not, what is the full message you get?
devlearnAuthor Commented:
here is what i get (pasted earlier)

Resolving jazz.net...
Connecting to jazz.net||:443... connected.
ERROR: cannot verify jazz.net's certificate, issued by `/C=US/O=Equifax/OU=Equif
ax Secure Certificate Authority':
  Self-signed certificate encountered.
To connect to jazz.net insecurely, use `--no-check-certificate'.
Unable to establish SSL connection.
'id' is not recognized as an internal or external command,
operable program or batch file.

I am able to download a html page which is basically login page asking for user id and pass. Is there any way i can provide user id and password at run time . Seems if user id and password is provided it can go ahead and download the required webpage.

Any suggestions

devlearnAuthor Commented:
seems one of the solution is provided at the below


Trying this out
This is without --no-check-certificate.
What do you want at all? You can't send a user id and password to a login site and download another file using the same credentials is 99%. If you log on some site, you get a cookie with an id, which will be sent to every other download request on this page. wget can't do this alone.
To sent userid and password to a server, you can either use get (http://domain.tld/path/to/file?userid=myname&password=secret) or post (--post-data='userid=myname&password=secret' http://domain.tld/path/to/file)
Which way works depends on your host.
devlearnAuthor Commented:
seems i am not clear with the last comment 36562361 . What now exactly i need to follow to make this work going . I tried the link trog.qgl.org/20061026/httpsssl-with-wget/ also but that too in vain. This is making me more confusing. suggest how do i get out of this . AM i missing something that you are trying to state?
I am a bit confused about your last posted output, I think there are two problems.
One is the self signed ssl certificate. To solve this, you can either download the certifcate and use it with wget option ca-certificate=certificate.pem. But you don't need to download the file linked at tog.ggl.org because your self signed certificate won't be contained. In my point of view, the easiest way to get this pem file is to surf the https file using a browser and export the certificate from there. This is possible with openssl, too, but I need it too rarely to remember this command.
Another method to solve it is the often mentioned option --no-check-certificate. This will print a warning but apart from that work completely.

Your second problem, the one I tried to answer in #36562361 is this from your last posting:
'id' is not recognized as an internal or external command,
operable program or batch file.

Open in new window

You are trying to do something wget doesn't understand.
devlearnAuthor Commented:
Have been trying but no luck .

Can you suggets me the command how to get the self signed certificate. I have been trying but still i am not able to install certifcate.pem as you suggested .
what is the command i should be using? I If possible can you provide the way on windows cmd if possible . If not i can also try on unix as well (hope the command wouldnt differ much)
1. Using SSL
2. Through a browser

I would like to check with both the option .
1. On unix, to do this on windows you need openssl installed. The sed-command just extracts the part from BEGIN to END including from the output to only get the needed part.
openssl s_client -connect $yourhost:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > certificate.pem

2. see the attached screen shots. The resulting pem file can be used as it is.

wget --ca-certificate=certificate.pem https://$yourhost/
devlearnAuthor Commented:
Finally got through. Thanks all for your help

Featured Post

Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

  • 10
  • 8
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now