Gerard Henry wrote: On 11/17/10 11:05, Don O'Malley wrote: I'm no security expert, but here's my understanding of the
certificate info. You must provide 'wget' with direction on how to handle security
certificate information. Otherwise, patch downloads via 'wget' will
fail. The purpose of the certificates is for customers to be able to
verify that the content that you are downloading from Oracle, has
actually come from Oracle and has not been intercepted by a
"man-in-the-middle" Which certs are required? (These may have changed since the Oracle acquisition) CN=GTE CyberTrust Global RootWhat kind of error message can you expect to see from a failing 'wget' request? ERROR: Certificate verification error for getupdates.oracle.com: unable to get local issuer certificateIssue resolution: If you wish to ignore this failure you can use the '--no-check-certificate' switch in 'wget'. Example of the syntax: # /usr/sfw/bin/wget --http-user="xxxxxxxx" --http-passwd="xxxxxxx" --no-check-certificate "https://getupdates.oracle.com/all_unsigned/119254-77.zip" -O /tmp/119254-77.zip If you wish to check against the certificates, you can use the '--ca-certificate' switch to point to a file containing the certificates. http://sunsolve.sun.com/search/document.do?assetkey=1-79-1199543.1-1 has an attachment called WGET3_getupdates.pem, which is a concatenation of the two certificates. If you save this file locally (eg to /tmp/cacerts.pem), you can use a syntax similar to: HTH,# /usr/sfw/bin/wget --ca-certificate=/tmp/cacerts.pem --http-user="xxxxxxxx" --http-passwd="xxxxxxx" "http://sunsolve.sun.com/pdownload.pl?target=142284&method=h" -O /tmp/140778-01.zip -Don
--
Don O'Malley Manager, Patch System Test Revenue Product Engineering | Solaris | Hardware East Point Business Park, Dublin 3, Ireland Phone: +353 1 8199764 Team Alias: rpe_patch_system_test...@oracle.com |
- Re: [pca] getupdates.oracle.com now available... Don O'Malley
- Re: [pca] getupdates.oracle.com now avail... amy.rich
- Re: [pca] getupdates.oracle.com now ... Don O'Malley
- Re: [pca] getupdates.oracle.com now available for tes... amy.rich
- Re: [pca] getupdates.oracle.com now available for testing! Don O'Malley
- Re: [pca] getupdates.oracle.com now available for tes... Glen Gunselman
- Re: [pca] getupdates.oracle.com now available for tes... Rajiv Gunja
- Re: [pca] getupdates.oracle.com now available for... Don O'Malley
- Re: [pca] getupdates.oracle.com now available for testing! Gerard Henry
- Re: [pca] getupdates.oracle.com now available for tes... Martin Paul
- Re: [pca] getupdates.oracle.com now available for tes... Don O'Malley
- Re: [pca] getupdates.oracle.com now available for testing! Martin Paul
- Re: [pca] getupdates.oracle.com now available for testing! Dennis Clarke
- Re: [pca] getupdates.oracle.com now available for testing! Dennis Clarke