Opened 10 years ago

Closed 10 years ago

Last modified 10 years ago

#611 closed defect (bug) (wontfix)

Add ^ SSL cert for clients that do not support subject alt names

Reported by: BrianLayman Owned by:
Milestone: Priority: low
Component: SSL Keywords:


Summary: Some clients, specifically older releases of wget, do not support alternative DNS names in certificates. A recent change to forcing https may cause Linux scripts to throw errors.

I've got scripts that forcibly maintain clean WP installs by going out and grabbing and installing it.
Within the last couple days the site changed to redirect that request to
The certificate on is explicitly for *, but does have an alternative name for
DNS Name=*

So this is what I get on my script runs today:
--2014-09-18 08:55:38--
Connecting to||:80... connected.
HTTP request sent, awaiting response... 302 Moved Temporarily
Location: [following]
--2014-09-18 08:55:38--
Connecting to||:443... connected.
ERROR: certificate common name *' doesn't match requested host name'.
To connect to insecurely, use `--no-check-certificate'.
Unable to establish SSL connection.
unzip: cannot find or open, or

The source of the issue for me is that I have "GNU Wget 1.11.4 Red Hat modified" or older on most of the servers I manage. The issue is fixed in 1.12.

I'll update the wget on my servers, but thought this should still be logged for informational purposes, if nothing else.

Thank you to Nacin on the assist in diagnosing the true issue at hand.
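The mismatch reported above, as an added example that is not part of the original ticket: it compares a CN-only hostname check (the behaviour described for wget 1.11.4) with a SAN-aware check per RFC 2818 and flags hosts that only break for legacy clients. The domains and certificate fields are constructed placeholders in the dict layout of Python's `ssl.getpeercert()`, and the matching is a simplified model, not wget's code.

```python
# Added example: constructed certificate data, placeholder domains.
CERT = {  # CN is a wildcard for one domain; a second domain appears only as a SAN
    "subject": ((("commonName", "*.example.org"),),),
    "subjectAltName": (("DNS", "*.example.org"), ("DNS", "example.org"),
                       ("DNS", "*.example.net")),
}

def name_matches(pattern, host):
    """'*' may stand for exactly one left-most label; everything else is exact."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]  # refuse over-broad names like '*.com'
    return p == h

def common_names(cert):
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def dns_sans(cert):
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def cn_only_accepts(cert, host):
    """Legacy check: only the subject common name is consulted."""
    return any(name_matches(cn, host) for cn in common_names(cert))

def san_aware_accepts(cert, host):
    """RFC 2818 check: dNSName SANs take precedence, CN is only a fallback."""
    names = dns_sans(cert) or common_names(cert)
    return any(name_matches(n, host) for n in names)

def classify(cert, host):
    modern, legacy = san_aware_accepts(cert, host), cn_only_accepts(cert, host)
    if modern and legacy:
        return "ok-everywhere"
    if modern:
        return "breaks-cn-only-clients"   # the situation in this ticket
    if legacy:
        return "cn-only-false-accept"     # CN not listed among the SANs
    return "mismatch"

def audit(cert, hosts):
    """Map each host a script fetches from to its classification."""
    return {host: classify(cert, host) for host in hosts}

if __name__ == "__main__":
    for host, verdict in audit(CERT, ["downloads.example.org", "www.example.net",
                                      "example.org", "a.b.example.org"]).items():
        print(f"{host:24} {verdict}")
```

Hosts reported as `breaks-cn-only-clients` are the ones to fix by upgrading the client rather than by passing `--no-check-certificate`.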

Change History (2)

#1 @nacin
10 years ago

  • Resolution set to wontfix
  • Status changed from new to closed

I'm glad we've documented this, but I'm not inclined to do anything about this. All modern browsers and even IE6 support SAN + wildcard SSL certs, so the only real-world issue is wget 1.11. I think it was fixed in 1.12.1.

#2 @doublesharp
10 years ago

Took me a second to update wget so in case it is helpful this is what I ran on my CentOS 5.11 machines. For some reason I had to alias /usr/local/bin/wget to /usr/bin/wget even though the former is in my path.

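cd ~
# Remove the packaged wget
yum -y remove wget
# Unpack the wget 1.15 source (assumes wget-1.15.tar.gz is already in ~)
tar -xzvf wget-1.15.tar.gz
cd wget-1.15
# Build against OpenSSL with /usr as the install prefix
./configure --with-ssl=openssl --prefix=/usr
make && make install
# Make /usr/bin/wget a symlink to /usr/local/bin/wget
ln -s /usr/local/bin/wget /usr/bin/wget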
Last edited 10 years ago by doublesharp