wget with SSL

Last week we faced an  issue to connect to a webservice which is SSL enabled  ..

To troubleshoot this issue ,we want to check ,whether we are able to connect that wsdl using wget ..

So this blog is dedicated to all those who want to conenct a wsdl or any URL which is SSL enabled :- )

You have 2 options ...one is


We can use the below 2 Arguments for testing the SSL handshake


1. --no-check-cert  //this will ignore the certificate check and you can see whether you are able to connect to the server or not...

2. --certificate=FILE

Syntax :

1. wget --no-check-cert https:

2. wget --certificate=Location of JKS https://



Example with --no-check-cert



As I don’t have access to the SIT environment ,I have used the soadev03. Giving the location of the certificate in wget using the argument



[weblogic@ngmlx504 security]$ wget --no-check-cert https://ashraftp-engineer/em

For more options ..Please check the arguements below which you can pass with wget for SSL enabeld URLs ...


HTTPS (SSL/TLS) options:


--secure-protocol=PR choose secure protocol, one of auto, SSLv2,

SSLv3, and TLSv1.

--no-check-certificate don't validate the server's certificate.

--certificate=FILE client certificate file.

--certificate-type=TYPE client certificate type, PEM or DER.

--private-key=FILE private key file.

--private-key-type=TYPE private key type, PEM or DER.

--ca-certificate=FILE file with the bundle of CA's.

--ca-directory=DIR directory where hash list of CA's is stored.

--random-file=FILE file with random data for seeding the SSL PRNG.

--egd-file=FILE file naming the EGD socket with random data.



How to check certificate validity using keytool command


keytool -list -v -keystore $WLSDOMAIN/certs/appTrustKeyStore.jks -storepass <>
egrep "Alias
Valid"



Other Useful commands:

Java Keytool Commands for Creating and Importing





These commands allow you to generate a new Java Keytool keystore file, create a CSR, and import certificates. Any root or intermediate certificates will need to be imported before importing the primary certificate for your domain.

•Generate a Java keystore and key pairkeytool -genkey -alias mydomain -keyalg RSA -keystore keystore.jks -keysize 2048

•Generate a certificate signing request (CSR) for an existing Java keystorekeytool -certreq -alias mydomain -keystore keystore.jks -file mydomain.csr

•Import a root or intermediate CA certificate to an existing Java keystorekeytool -import -trustcacerts -alias root -file Thawte.crt -keystore keystore.jks

•Import a signed primary certificate to an existing Java keystorekeytool -import -trustcacerts -alias mydomain -file mydomain.crt -keystore keystore.jks

•Generate a keystore and self-signed certificate (see How to Create a Self Signed Certificate using Java Keytool for more info)keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass password -validity 360 -keysize 2048

Java Keytool Commands for Checking

If you need to check the information within a certificate, or Java keystore, use these commands.

•Check a stand-alone certificatekeytool -printcert -v -file mydomain.crt

•Check which certificates are in a Java keystorekeytool -list -v -keystore keystore.jks

•Check a particular keystore entry using an aliaskeytool -list -v -keystore keystore.jks -alias mydomain

Other Java Keytool Commands

•Delete a certificate from a Java Keytool keystorekeytool -delete -alias mydomain -keystore keystore.jks

•Change a Java keystore passwordkeytool -storepasswd -new new_storepass -keystore keystore.jks

•Export a certificate from a keystorekeytool -export -alias mydomain -file mydomain.crt -keystore keystore.jks

•List Trusted CA Certskeytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts

•Import New CA into Trusted Certskeytool -import -trustcacerts -file /path/to/ca/ca.pem -alias CA_ALIAS -keystore $JAVA_HOME/jre/lib/security/cacerts

http://lokeshtc.blogspot.co.uk/2012/10/how-to-check-certificate-validity-using.html