Why wget doesn't verify SSL certificates?

Solution 1:

By default wget will check for certificates in the path defined in openssl conf file /etc/pki/tls/openssl.cnf (no sure whether the path is correct for fc8). Please check the openssl configuration file and confirm that the paths are correct. May be it is openssl, that need to be corrected.

Solution 2:

I had problems with wget not finding my certificates so I installed ca-certificates

sudo apt install ca-certificates

then I edited:

sudo vi /etc/wgetrc

and added

ca_directory=/etc/ssl/certs

or you can just use this command to append it to the end:

printf "\nca_directory=/etc/ssl/certs" | sudo tee -a /etc/wgetrc

Solution 3:

Your system doesn't trust the signature chain for Google's cert.

They also aren't presenting the full certificate chain, just their issuer's certificate; not 100% up to par, but certainly nothing that should stop you from validating the chain.

Your ancient system is likely to have an equally ancient set of trusted root certificate authorities.

Trust the right VeriSign cert (here), and you should be good.


Solution 4:

You need to gather a list of the root certificates that you wish to trust and tell wget how to find them using either the --ca-certificate or --ca-directory option. You may already have one in /etc/pki/tls/certs if you have the appropriate package installed.