Using wget on Windows with certificates - windows

I am building a Windows script for which I'm using the Windows version of wget. The page I need to query is protected and requires a certificate to access. I currently have that client certificate installed on the computer. How can I use this certificate with wget in order to access the protected web page? Export it somehow from the Windows certificate manager?
Thanks!

I'm not sure of the syntax for using a certificate with wget, but you probably need it in PEM format:
How to convert .crt to .pem

Related

How to compile (lib)curl with macOS keychain access?

I want to compile curl in a such a way that it can access the macOS keychain for certificate lookup. I have added an internal company CA certificate to my system keychain and am trusting it.
When I build curl as described in the docs with Secure Transport I am able to connect to a server with a certificate signed by our internal CA. However, this does not work as root.
./curl company.com # works
sudo ./curl company.com # invalid certificate chain
When I repeat the same tests with the curl version that ships with the os, it works in both cases. Same results with a small example program when I link against my build vs linking against Apple's curl.
I've also tried to compile it with libressl (with and without Secure Transport) but then keychain access doesn't even work as normal user.
Any idea what's going wrong? How does Apple compile curl so that it works as root?
You can fetch the source files of Apple's curl from here curl-121.100.3 and see, how they compile curl, compare them with the vendor's files of the release 7.64.1.

go command accessing self-signed certificate

I am using Go with self-hosted Git (gitea) with self-signed certificate.
However with self-signed certificate most Go commands don't work correctly including "go mod". I have to do "go get -insecure ...." before I do any other go mod commands. I can't even do "go list" because it doesn't seem to accept the -insecure flag. And most IDE tool won't work correctly, especially GoLand.
What is the best way to go about this kind of issue? Do I have to get the certificate and add to trusted certificate locally? Or is there another way to go about this?
As #Vorsprung said, I as our MIS to provide the self-signed CA and installed and trust it on my local computer.

Signed Application file - how to get the signature from the file?

I am downloading a file that want to install on my computer. I know that it will be Ok to install if the signature matches the signature I have on file for the distributor of that file.
I am not downloading directly from the distributor though so I want to check that the file is signed with their key.
I have downloaded a version of openssl for windows but I can't see from that how to tell what the key is from the application file. I've seen many files for download say that their hash is x but what I am looking for is the distributor's key which from the file itself. What I have to compared it against is the SHA1-40-hex digit key.
I installed the JDK and used it's [jdk]\bin\keytool.exe to run the following:
keytool -list -printcert -jarfile [path_to_your_apk] > signature.txt
If you look through that file you can see the signature section at the top and the required signature in it. Thanks.

Windows 7 - How to generate CSR when IIS is not installed

My .NET application will be communicating with a third party server application that is implemnted as web-service over SSL. This application will run from different flavours of Windows 7 platform. The server application requires me to generate CSR file. The only way I can find generating a CSR is via IIS but this may not necessarily be installed on all computer where my application will be hosted. Any ideas on how can I generate a CSR on Win 7 platform without using IIS?
For a more recent version of openssl...
https://www.openssl.org/community/binaries.html links to
https://wiki.openssl.org/index.php/Binaries which links to
http://slproweb.com/products/Win32OpenSSL.html which has links for win64 and win32 openssl.
Otherwise, you should be able to install openssl v0.98h on windows with this:
http://gnuwin32.sourceforge.net/packages/openssl.htm
Run the openssl at the command prompt (Start->Run->"cmd.exe"):
openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key
or you can use this online tool to generate the openssl command:
https://www.digicert.com/easy-csr/openssl.htm
When you run the openssl req command on your computer, it will generate a CSR (with public key embedded) and private key.
If you need to generate CSRs from code and you are using some of .NET languages, use BouncyCastle or our SecureBlackbox. They both support certificate requests in PKCS#10 format. For C++ you can probably use OpenSSL.
Digicert has an easy to use tool for managing certificates on Windows: https://www.digicert.com/util/
If had the capability to generate certificate requests. It will also convert certificates between different formats

How do I export a PFX Code Signing Key to SPC and PVK under Windows 7?

I have a code signing key in PFX format that I need to export into SPC and PVK files. I tried to install the OpenSSL from Shining light but the install fails under Windows 7.
http://www.shininglightpro.com/products/Win32OpenSSL.html
Here are the instructions I am using from Comodo as a basis:
https://support.comodo.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=1089
Anyone know of an alternate way to do this?
I used the instructions here:
http://help.godaddy.com/article/6034
You still need openssl though, I guess you need to fix that.
Tim
Link from #timanderson worked great for me. 2 notes:
My Firefox saves the pkcs12 file with extension p12 and not pfx.
If you need a pvk without password, add the flag -nocrypt to pvk.

Resources