From OpenWetWare

Revision as of 15:31, 10 August 2007 by Ilya (Talk | contribs)

Using wget to download files from certificate-protected sites at MIT:

  • Download MIT CA
  • Convert the extracted MIT CA from DER to PEM format:
      openssl x509 -out exported-pem.crt -outform pem -in exported.crt -inform der
  • Install personal MIT certificate into web browser
  • Extract the private key and the client certificate from the .p12 file (converting from PKCS#12 to PEM). The first command extracts the private key; the second extracts the client certificate, which contains the public key:
      openssl pkcs12 -nocerts -in usercert.p12 -out ~user/.globus/userkey.pem
      chmod 400 ~user/.globus/userkey.pem
      openssl pkcs12 -clcerts -nokeys -in usercert.p12 -out ~user/.globus/usercert.pem
  • Use the certificates (the URL is a placeholder for the certificate-protected page):
      wget --private-key=/home/ilyas/computing/certs/mitkey.pem \
           --certificate=/home/ilyas/computing/certs/mitcert.pem \
           --ca-certificate=/home/ilyas/computing/certs/mitca.pem \
           <URL>

You won't need the --ca-certificate flag if goliath's server SSL cert is signed by a CA recognized in the wget default CA bundle. Now, more importantly, if you remove the --certificate and --private-key parts, that wget should FAIL, giving you an error something like this:

      OpenSSL: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert
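
The following pre-flight script is an added example, not part of the original page: it checks the three PEM files produced by the steps above before they are handed to wget. The function names and argument order are assumptions of this example; it uses only the standard openssl subcommands x509, pkey and verify.

```shell
#!/bin/sh
# Added example: sanity checks for the CA, client certificate and private key
# files before using them with wget --ca-certificate/--certificate/--private-key.

# is_pem FILE: true if FILE is PEM-encoded (wget expects PEM, not DER).
is_pem() {
    grep -q -- '-----BEGIN ' "$1"
}

# key_is_private FILE: true if group and others have no access to the key.
key_is_private() {
    mode=$(ls -l "$1" | cut -c5-10)
    [ "$mode" = "------" ]
}

# Print the public key held in a certificate / in a private key file.
# The optional second argument of pubkey_of_key is an openssl -passin source.
pubkey_of_cert() { openssl x509 -in "$1" -noout -pubkey; }
pubkey_of_key()  { openssl pkey -in "$1" -pubout ${2:+-passin "$2"}; }

# cert_matches_key CERT KEY [PASSIN]: true if both belong to the same key pair.
cert_matches_key() {
    [ "$(pubkey_of_cert "$1")" = "$(pubkey_of_key "$2" "$3")" ]
}

# cert_signed_by CA CERT: true if CERT chains to the CA file.
cert_signed_by() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# preflight CA CERT KEY [PASSIN]: run all checks, report the first failure.
preflight() {
    is_pem "$1" || { echo "CA file is not PEM (convert from DER first)"; return 1; }
    is_pem "$2" || { echo "client certificate is not PEM"; return 1; }
    key_is_private "$3" || { echo "private key is readable by others (chmod 400)"; return 1; }
    cert_matches_key "$2" "$3" "$4" || { echo "certificate and key do not match"; return 1; }
    cert_signed_by "$1" "$2" || { echo "client certificate not issued by this CA"; return 1; }
    echo "ok"
}
```

If the extracted key is passphrase-protected, openssl prompts for it unless a -passin source (for example env:VAR) is given as the fourth argument to preflight.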

From the openssl man page:

  • public key (--certificate)
          Use the client certificate stored in file.  This is needed for
          servers that are configured to require certificates from the
          clients that connect to them.  Normally a certificate is not
          required and this switch is optional.

  • private key (--private-key)
          Read the private key from file.  This allows you to provide the
          private key in a file separate from the certificate.

  • CA bundle (--ca-certificate)
          Use file as the file with the bundle of certificate authorities
          ("CA") to verify the peers.  The certificates must be in PEM format.

  • --no-check-certificate
          Don't check the server certificate against the available certificate authorities.


Certificate manipulation
