Hi,
When I add no-check-certificate option I recieve an error message:
wget --no-check-certificate --spider https://myserver.domain.com:443/
wget: unrecognized option `--no-check-certificate'
Usage: wget [OPTION]... [URL]...
man wget
Manual entry for wget not found or not installed.
uname -a
AIX xxxx 1 7 00F9857E4C00
What is the right syntax please?
Thanks.
Maybe your version of wget is too old and does not support the specified option?
a) You may try strings $(which wget) | grep no-check-certificate. If this does not produce any output, your wget definitely does not support it.
b) Check the changelog of wget against your local version, what it states about when --no-check-certificate was added
Thanks.
a) You may try strings $(which wget) | grep no-check-certificate.
This does not produce any output.
b) Check the changelog of wget against your local version, what it states about when --no-check-certificate was added
How to check changelog?
Regards.
Search the internet for the wget website and locate the changelog for the sourcecode. Check the changelog file for the string --no-check-certificate.
But as the first test already showed: Your wget version does not support it. If you really need it, try to get a newer version(download newer version from somewhere, try to get it compiled, ...) or download it at a server with a newer wget version and upload it to your aix box.
OK. Thank you.
if you have openssl installed, you could try to get ther server's cert:
echo | openssl s_client -showcerts -connect myserver.domain.com:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > cert.pem
And then use that cert for wget:
wget --ca-certificate=cert.pem --spider https://myserver.domain.com
(btw you don't have to append :443 when you're using https://)
Perhaps it works without the --no-check-certificate ?
Does
rpm -qa
list the wget package? If yes, check for a newer version e.g. from
Usually there will be a lot of dependent other packages, so check for a frontend to rpm (Linux distros have got tools like yum or zypper).
Hi,
Thank you.
Without --no-check-certificate does not work
wget --spider https://myserver.domain.com
connected.
Unable to establish SSL connection.
echo $?
1
Regards.
there isn't any message concerning a wrong certificate. Is that the complete output of the wget call? If not, please submit the full output, replacing ip addresses and dns names. Otherwise, what does wget -v ... give?
Thanks:
wget -V
GNU Wget 1.9.1
Copyright (C) 2003 Free Software Foundation, Inc.
This program is distributed in the hope that it will be useful,
I had also on another AIX server:
ERROR: cannot verify myserver.domain.com's certificate, issued by 'CN=xxxxxx':
Self-signed certificate encountered.
To connect to myserver.domain.com insecurely, use `--no-check-certificate'
Regards.
Self-signed certificates are not considered secure.
Have you considered using signed certificates?
Thanks.
It seems easier to be able to use --no-check-certificate first than changing certificates.
Regards.
Hmm.
You have been working on this using the --no-check-certificate approach without success for over 24 hours.
I don't think changing certs is such a big deal that it takes so long.
Of course, it's up to you 
I meant the lower -v Anyway, your version of wget is way too old. Strange that it suggests the --no-check switch, but doesn't accept it. You could get the latest source of wget and compile it, but that would require lots of devel tools and libs. Or use curl, but that can't spider a site, so you would need a helper script, like Unix Shell-Script to crawl a list of website URLs using curl · GitHub.
I assume that's not a self-signed certificate that the remote website is using, rather than the posters system does not have a correct/current set of CA-Certificates in place to verify the the remote websites cert, which causes the same message.
I do not no wether those CA-Certificate Updates are even regularly provided by the vendor and/or installed by the user. In Debian-Linux this is provided by a package called ca-certificates which gets updates regularly.
Better
openssl s_sclient -c x.x.x.x:22 -fallback_scsv