When accessing HTTPS servers with non-standard or self-signed certificates, wget may reject the connection. Providing a trusted .crt file lets wget validate the server’s certificate without relying solely on default authorities.
By specifying a CA certificate file, wget trusts that server’s certificate if it matches the provided CRT. This approach allows secure connections to private or internal servers without disabling certificate checks entirely.
Controlling which certificates wget trusts ensures both flexibility and security. Instead of turning off checks, simply guide wget to the correct certificate file.
Steps to configure wget with a CRT file:
- Obtain the .crt file from the server administrator or a trusted source.
- Place the .crt file in an accessible location.
Use a dedicated directory like ~/certs or etc/ssl/certs for organization.
- Specify the CRT file with --ca-certificate.
$ wget --ca-certificate=/path/to/your_certificate.crt https://your-secure-server.com/file
- Add the CRT path to .wgetrc for automatic usage.
$ echo "ca_certificate = /path/to/your_certificate.crt" >> ~/.wgetrc
Future wget requests will trust the specified certificate without extra options.
Mohd Shakir Zakaria is a cloud architect with deep roots in software development and open-source advocacy. Certified in AWS, Red Hat, VMware, ITIL, and Linux, he specializes in designing and managing robust cloud and on-premises infrastructures.
Comment anonymously. Login not required.