iEFdev

Code, Computers & Random Junk

Wget & HTTPS in OS X

How to set up wget to work with HTTPS in OS X.

When you install wget, like in that old post, on OS X you don’t get working HTTPS support: wget has no CA certificates to verify servers with. That is something one has to add. Of course it’s possible to run it without them and skip certificate verification altogether:

wget --no-check-certificate

And/or setting up an alias:

alias wgetnc='wget --no-check-certificate'

But to use it properly one needs to get the certs. It’s not that difficult, and you can do it in 2 ways: either use the Perl script from the curl source to create the bundle, or grab a ready-made file from the curl source on GitHub.

In the curl source on GitHub you can find the script here: mk-ca-bundle.pl. Download it, run it, and then copy the file to /usr/local/share/curl.

cd <path to script>
./mk-ca-bundle.pl
sudo mkdir -p /usr/local/share/curl
sudo mv ca-bundle.crt /usr/local/share/curl

Or, you can use the pre-made cert file they have: ca-bundle.crt and put it in the same directory as above.

sudo mkdir -p /usr/local/share/curl
sudo mv ca-bundle.crt /usr/local/share/curl

Then add the path to it in ~/.wgetrc:

echo "CA_CERTIFICATE=/usr/local/share/curl/ca-bundle.crt" >> ~/.wgetrc

Of course you can choose any (other) location you want. Just add the correct path to it in ~/.wgetrc. In most Linux distributions you install a ca-bundle package instead, and wget is usually set up with that right away.

Updating

When you need to update the bundle (connections start to fail), just download or recreate the bundle again.

I made a small script for that.

/usr/local/sbin/curlcaupd
#!/usr/bin/env bash
#
# /usr/local/sbin/curlcaupd
#
# Script to update Curl's ca-bundle to use with 'wget'
#

# ca-cert-bundle
_bundle='https://raw.githubusercontent.com/bagder/ca-bundle/master/ca-bundle.crt'

# CA bundle folder
_certdir='/usr/local/share/curl'

ERROR=0

if [ ! -d "$_certdir" ]; then
  # First install: there is no CA bundle yet, so this one download
  # is made with certificate verification turned off.
  sudo install -d "$_certdir"
  cd "$_certdir" || exit 1
  sudo wget -qc --limit-rate=30k --no-check-certificate --show-progress "$_bundle"
  ERROR=$?   # capture wget's status, not the status of the echo below
  echo CA_CERTIFICATE=/usr/local/share/curl/ca-bundle.crt >> ~/.wgetrc
else
  # Update: this download is verified against the bundle already installed.
  # No -c here: combined with -O it would append to the old file
  # instead of replacing it.
  cd "$_certdir" || exit 1
  sudo wget -q --limit-rate=30k --show-progress "$_bundle" -O 'ca-bundle.crt'
  ERROR=$?
fi

# Announce ...
if [ "$(uname)" = 'Darwin' ]; then
  [ "$ERROR" -eq 0 ] && say -v Samantha "Curl CA cert bundle is updated."
else
  [ "$ERROR" -eq 0 ] && echo "$(basename "$0"): Curl CA cert bundle is updated."
fi

exit "$ERROR"

Actually, you can use that to install the bundle too.
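Because `wget -O` truncates its target as soon as it starts writing, a failed download or an HTML error page saved as ca-bundle.crt leaves wget without a usable trust store. The following is an added example, not part of the author's script: it checks a staged download for well-formed PEM blocks and only then replaces the live file; the function names `check_bundle` and `install_bundle` and the default minimum of 50 certificates are assumptions made here.

```shell
#!/usr/bin/env bash
# Added example (not the author's script). Function names and the
# default minimum of 50 certificates are assumptions.

# check_bundle FILE [MIN_CERTS]
# Succeeds only if FILE holds at least MIN_CERTS well-formed PEM blocks:
# every BEGIN has a matching END, blocks are not nested or empty, and
# only base64 text appears between the markers.
check_bundle() {
  local file=$1 min=${2:-50}
  [ -s "$file" ] || return 1          # missing or empty file
  awk -v min="$min" '
    /^-----BEGIN CERTIFICATE-----$/ { if (inblk) bad = 1; inblk = 1; body = 0; next }
    /^-----END CERTIFICATE-----$/   { if (!inblk || !body) bad = 1; inblk = 0; n++; next }
    inblk { if ($0 !~ "^[A-Za-z0-9+/=]+$") bad = 1; body++ }
    END   { exit (bad || inblk || n < min) }
  ' "$file"
}

# install_bundle STAGED DEST [MIN_CERTS]
# Replaces DEST with STAGED only when STAGED passes check_bundle.
# On failure DEST is left exactly as it was.
install_bundle() {
  local staged=$1 dest=$2 min=${3:-50}
  if ! check_bundle "$staged" "$min"; then
    echo "refusing to install $staged: not a valid CA bundle" >&2
    return 1
  fi
  # Copy next to DEST, then rename, so wget never reads a partial file.
  local tmp="$dest.new.$$"
  cp "$staged" "$tmp" && chmod 644 "$tmp" && mv -f "$tmp" "$dest"
}
```

To use it, download with `wget -O` to a temporary file and call `install_bundle` on that file from a script that has the rights to write to /usr/local/share/curl. The check is structural only: it catches truncated or non-PEM downloads, not a bundle with unwanted certificates in it.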
