How do I find the SSL certificate of a server?
I am trying to work out how to find the SSL certificate of a server.
The server is currently not using SSL but I think it's about to use SSL.
If I run wget -S I get a warning: Cannot open /home/testuser/.wgetrc: Permission denied.
However if I run wget -S then I get this warning: WARNING: cannot verify www.example.com's certificate, issued by '/C=US/ST=San Francisco/L=San Francisco/O=DigiCert Inc/OU=www.digicert.com/CN=www.com': No certificates in trust store
Is this really the certificate that I need to look at? If so, what is the purpose of the warning? How do I actually see the certificate? wget -S uses the -A option, which tells wget to print the result of its operation in a file called foo. It looks like wget creates a temporary file for this operation and you get a warning because your home directory is not writable for the user you are running wget as. That warning is meant to prevent you from accidentally overwriting files you really want to write to with a temporary file you don't mean touch.
The error message given by wget means it couldn't find any certifications for www.com in the certificate chain (in other words: the certificate didn't match what it expects for the server name) and therefore, it didn't trust the certificate.
From the man page: A, --accept-certificate. Accept the certificate sent in a TLS response. By default, wget does not accept a certificate unless it is the only certificate in the certificate chain. With this option, wget accepts the certificate regardless of its position in the certificate chain. Note that this option does not change wget's behaviour when retrieving certificates via -S/-E/-C/-C options, because those always create temporary files.
Here are some articles on the subject.
Where is SSL certificate on Linux server?
How does SSL certificate works with Apache 2 server on Linux?
Can anyone please tell me where it is located, on the webserver's /home or /root? I don't understand why you think it would be in your /root. The root user is not part of your system's userspace. But, if that was the case, I doubt Apache will serve it from a virtual hosting scenario.
It should, at the very least, be under your home directory. But, as said, I doubt you'll be able to view the contents unless you know the login and password of that user.
Related Answers
What is TLS/SSL Protocol?
TLS stands for Transport Layer Security and it is a protocol used to create a secure connect...
Which is more secure SSL TLS or HTTPS?
and SSL? I know the difference between TCP/IP vs. IP, or S...
Is SSL TLS certificate free?
If you are going to use the certificate in production environment, I sugg...