wget by default performs validity check of
SSL certificates for
SSL-based websites. This is obviously a security reason as the core of
SSL itself relies on certificates to be valid and verified to be used and trusted. There are times though that you'll want to bypass this in
wget such as when trying to access websites with expired
SSL certificate or those with self-signed certificates.
This could easily be done with the
--no-check-certificate Don't check the server certificate against the available certificate authorities. Also don't require the URL host name to match the common name presented by the certificate. As of Wget 1.10, the default is to verify the server's certificate against the recognized certificate authorities, breaking the SSL handshake and aborting the download if the verification fails. Although this provides more secure downloads, it does break interoperability with some sites that worked with previous Wget versions, particularly those using self-signed, expired, or otherwise invalid certificates. This option forces an "insecure" mode of operation that turns the certificate verification errors into warnings and allows you to proceed. If you encounter "certificate verification" errors or ones saying that "common name doesn't match requested host name", you can use this option to bypass the verification and proceed with the download. Only use this option if you are otherwise convinced of the site's authenticity, or if you really don't care about the validity of its certificate. It is almost always a bad idea not to check the certificates when transmitting confidential or important data.
--no-check-certificate, you'll get the following error when accessing an improperly-configured certificate;
$ wget https://192.168.0.1/ --2018-06-07 12:19:25-- https://192.168.0.1/ Connecting to 192.168.0.1:443... connected. ERROR: certificate common name ‘*.example.com’ doesn't match requested host name ‘192.168.0.1’. To connect to 192.168.0.1 insecurely, use `--no-check-certificate'.
--no-check-certificate option used,
wget will only throw a warning but will still proceed with the request.
$ wget --no-check-certificate https://192.168.0.1/ --2018-06-07 12:27:19-- https://192.168.0.1/ Connecting to 192.168.0.1:443... connected. WARNING: certificate common name ‘*.example.com’ doesn't match requested host name ‘192.168.0.1’. HTTP request sent, awaiting response... 200 OK Length: 90 [text/html] Saving to: ‘index.html’ 100%[=======================================================================================>] 90 --.-K/s in 0s 2018-06-07 12:27:19 (5.03 MB/s) - ‘index.html’ saved [90/90]