Wget and Python Requests fail to validate SSL certificates, but browsers don't show any warnings

It is not fully clear what your problem exactly is since there are insufficient information to reproduce it. But, assuming that you are using a recent version of wget an requests with support for SNI I would imagine that it is

  • Either the servers certificate is issued by a CA which is trusted by the browser but not by your systems CA store. Chrome and Firefox use a different CA stores than wget or requests. This can happen for example if the servers certificate (as received by the client) was issued by a non-public CA, which is often the case when accessing intranet sites or if there is a firewall employed with SSL interception. Especially on Windows systems it might also happen that the certificate store for wget and requests is simply empty since the systems CA store is not compatible with OpenSSL.
  • Or the site is misconfigured and the server does not send a necessary intermediate certificate. Desktop browsers often work around this problem, other programs don't. Check this site against SSLLabs and look for chain issues.

Tags:

Certificates

Tls

Related

How would disabling IPv6 make a server any more secure? Is there any point in setting the secure cookie flag for HSTS websites? What is the best protocol for an organisation to make phone calls to clients, where the client is required to verify their identity? Why are two CSRF tokens (hidden field and cookie) necessary to mitigate CSRF attacks? What's the point in hashing phone numbers? Why is Math.random() not designed to be cryptographically secure? Create backup Yubikey with identical PGP keys How do you prevent sending cookie data over HTTP the first time? Is it safe to check password against the HIBP Pwned Passwords API during account registration? Did I just get DNS Hijacked? JWT or public-private keys for service to service API calls Why add username to salt before hashing a password?

Recent Posts