# links ssl

## ev56o

I must use links for request a page under https

```

Verification failure: unable to get local issuer certificate

```

this is the output.

I read i have to export the certificate by Firefox and install in /etc/ssl with the command update-ca-certificates -f -v.

I don 't understand how to export the certificate from Firefox:

edit >preferences > authorities or servers?

----------

## Sadako

Try "Edit -> Preferences -> Advanced -> Encryption -> View Certificates", you should be able to export the server and authority certs listed from there...

----------

## ev56o

Yes. But this is what i wrote in my previous post.

Edit -> Preferences -> Advanced -> Encryption -> View Certificates > what tab?

----------

## ev56o

Is there someone can halp me, please.

----------

## Hu

Export whichever CA certificate signed the certificate of the site in question.  It is probably under Authorities, unless it is a certificate that you manually whitelisted in Firefox.

----------

## ev56o

I didn' t whitelisted the certificate. I buy the certificate from Verisign.

In the:

Edit -> Preferences -> Advanced -> Encryption -> View Certificates > Authorities

i exported any certificate marked verisign and installed (/etc/ssl, update-ca-certificates...)

```

marco m # ls /home/m/ver/*

/home/m/ver/BuiltinObjectToken:VerisignClass1PublicPrimaryCertificationAuthority

/home/m/ver/BuiltinObjectToken:VerisignClass1PublicPrimaryCertificationAuthority-G2

/home/m/ver/BuiltinObjectToken:VerisignClass2PublicPrimaryCertificationAuthority

/home/m/ver/BuiltinObjectToken:VerisignClass2PublicPrimaryCertificationAuthority-G2

/home/m/ver/BuiltinObjectToken:VerisignClass3PublicPrimaryCertificationAuthority

/home/m/ver/BuiltinObjectToken:VerisignClass3PublicPrimaryCertificationAuthority-G2

/home/m/ver/BuiltinObjectToken:VerisignClass4PublicPrimaryCertificationAuthority-G2

/home/m/ver/SunMicrosystemsIncSSLCA

/home/m/ver/ThawteSGCCA

/home/m/ver/VeriSignClass1PublicPrimaryCertificationAuthority-G3

/home/m/ver/VeriSignClass2PublicPrimaryCertificationAuthority-G3

/home/m/ver/VeriSignClass3PublicPrimaryCertificationAuthority-G3

/home/m/ver/VeriSignClass3PublicPrimaryCertificationAuthority-G4

/home/m/ver/VeriSignClass3PublicPrimaryCertificationAuthority-G5

/home/m/ver/VeriSignClass4PublicPrimaryCertificationAuthority-G3

/home/m/ver/VeriSign,Inc.

/home/m/ver/VeriSignUniversalRootCertificationAuthority

marco m # cp /home/m/ver/* /etc/ssl/certs/

marco m # update-ca-certificates -f -v

Clearing symlinks in /etc/ssl/certs...done.

Updating certificates in /etc/ssl/certs... Doing .

ABAecom_=sub.__Am._Bankers_Assn.=_Root_CA.pem => fe30b214.0

AddTrust_External_Root.pem => 157753a5.0

AddTrust_Low-Value_Services_Root.pem => 861a399d.0

AddTrust_Public_Services_Root.pem => 8b59b1ad.0

AddTrust_Qualified_Certificates_Root.pem => e536d871.0

America_Online_Root_Certification_Authority_1.pem => eacdeb40.0

America_Online_Root_Certification_Authority_2.pem => 201cada0.0

AOL_Time_Warner_Root_Certification_Authority_1.pem => ed9bb25c.0

AOL_Time_Warner_Root_Certification_Authority_2.pem => 12ac4d91.0

Baltimore_CyberTrust_Root.pem => 653b494a.0

beTRUSTed_Root_CA-Baltimore_Implementation.pem => a137bd1c.0

beTRUSTed_Root_CA_-_Entrust_Implementation.pem => 686ef281.0

beTRUSTed_Root_CA.pem => f2cce23a.0

beTRUSTed_Root_CA_-_RSA_Implementation.pem => 16b3fe3c.0

brasil.gov.br.pem => b4f0b7e7.0

cacert.org.pem => 99d0fa06.0

Camerfirma_Chambers_of_Commerce_Root.pem => f90208f7.0

Camerfirma_Global_Chambersign_Root.pem => cb59f961.0

ca.pem => 656b3e35.0

cert_igca_dsa.pem => 3ee7e181.0

cert_igca_rsa.pem => 3ee7e181.1

Certplus_Class_2_Primary_CA.pem => f060240e.0

Certum_Root_CA.pem => 442adcac.0

Comodo_AAA_Services_root.pem => ee64a828.0

COMODO_Certification_Authority.pem => 40547a79.0

COMODO_ECC_Certification_Authority.pem => eed8c118.0

Comodo_Secure_Services_root.pem => c9f83a1c.0

Comodo_Trusted_Services_root.pem => 56657bde.0

deutsche-telekom-root-ca-2.pem => 812e17de.0

DigiCert_Assured_ID_Root_CA.pem => b1159c4c.0

DigiCert_Global_Root_CA.pem => 3513523f.0

DigiCert_High_Assurance_EV_Root_CA.pem => 244b5494.0

DigiNotar_Root_CA.pem => 46f053f0.0

Digital_Signature_Trust_Co._Global_CA_1.pem => a6a593ba.0

Digital_Signature_Trust_Co._Global_CA_2.pem => 4615970e.0

Digital_Signature_Trust_Co._Global_CA_3.pem => 9f541fb4.0

Digital_Signature_Trust_Co._Global_CA_4.pem => 40e67a49.0

DST_ACES_CA_X6.pem => 790a7190.0

DST_Root_CA_X3.pem => 2e5ac55d.0

Entrust.net_Global_Secure_Personal_CA.pem => af4f0c93.0

Entrust.net_Global_Secure_Server_CA.pem => 4efc7a23.0

Entrust.net_Premium_2048_Secure_Server_CA.pem => aee5f10d.0

Entrust.net_Secure_Personal_CA.pem => 166851b2.0

Entrust.net_Secure_Server_CA.pem => 5f267794.0

Entrust_Root_Certification_Authority.pem => 6b99d060.0

Equifax_Secure_CA.pem => 578d5c04.0

Equifax_Secure_eBusiness_CA_1.pem => 79ad8b43.0

Equifax_Secure_eBusiness_CA_2.pem => 4597689c.0

Equifax_Secure_Global_eBusiness_CA.pem => ef2f636c.0

Firmaprofesional_Root_CA.pem => ce026bf8.0

GeoTrust_Global_CA_2.pem => cbeee9e2.0

GeoTrust_Global_CA.pem => 2c543cd1.0

GeoTrust_Primary_Certification_Authority.pem => 480720ec.0

GeoTrust_Universal_CA_2.pem => 8867006a.0

GeoTrust_Universal_CA.pem => ad088e1d.0

GlobalSign_Root_CA.pem => 5ad8a5d6.0

GlobalSign_Root_CA_-_R2.pem => 4a6481c9.0

Go_Daddy_Class_2_CA.pem => f081611a.0

GTE_CyberTrust_Global_Root.pem => c692a373.0

GTE_CyberTrust_Root_CA.pem => 2835ab7b.0

IPS_Chained_CAs_root.pem => 0a8f0c78.0

IPS_CLASE1_root.pem => dc4ebcb9.0

IPS_CLASE3_root.pem => 0750887b.0

IPS_CLASEA1_root.pem => 5a950642.0

IPS_CLASEA3_root.pem => 6db5a580.0

IPS_Servidores_root.pem => a01d1cc2.0

IPS_Timestamping_root.pem => d495d385.0

NetLock_Business_=Class_B=_Root.pem => b7e7231a.0

NetLock_Express_=Class_C=_Root.pem => 2ab3b959.0

NetLock_Notary_=Class_A=_Root.pem => d9d12c58.0

NetLock_Qualified_=Class_QA=_Root.pem => 861e0100.0

Network_Solutions_Certificate_Authority.pem => 4304c5e5.0

QuoVadis_Root_CA_2.pem => d7e8dc79.0

QuoVadis_Root_CA_3.pem => 76faf6c0.0

QuoVadis_Root_CA.pem => 080911ac.0

RSA_Root_Certificate_1.pem => 9af9f759.0

RSA_Security_1024_v3.pem => 11c69ce5.0

RSA_Security_2048_v3.pem => c99398f3.0

Secure_Global_CA.pem => b66938e9.0

SecureTrust_CA.pem => f39fc864.0

Security_Communication_Root_CA.pem => f3377b1b.0

signet_ca1_pem.pem => 5c67e263.0

signet_ca2_pem.pem => 1503d3dd.0

signet_ca3_pem.pem => f15719eb.0

signet_ocspklasa2_pem.pem => b293fb2c.0

signet_ocspklasa3_pem.pem => 0d8b9131.0

signet_pca2_pem.pem => bccd5223.0

signet_pca3_pem.pem => a9603aca.0

signet_rootca_pem.pem => e1213163.0

signet_tsa1_pem.pem => ad493b2e.0

Sonera_Class_1_Root_CA.pem => 67d559d1.0

Sonera_Class_2_Root_CA.pem => 9c2e7d30.0

spi-ca-2003.pem => b097d71d.0

spi-cacert-2008.pem => ec87c655.0

Staat_der_Nederlanden_Root_CA.pem => b42ff584.0

Starfield_Class_2_CA.pem => f387163d.0

StartCom_Certification_Authority.pem => ae8153b9.0

StartCom_Ltd..pem => d0cba2e5.0

Swisscom_Root_CA_1.pem => 667c66d4.0

SwissSign_Gold_CA_-_G2.pem => 4f316efb.0

SwissSign_Platinum_CA_-_G2.pem => a8dee976.0

SwissSign_Silver_CA_-_G2.pem => 57bcb2da.0

Taiwan_GRCA.pem => 6410666e.0

TC_TrustCenter__Germany__Class_2_CA.pem => 48ef30f1.0

TC_TrustCenter__Germany__Class_3_CA.pem => 972672fc.0

TDC_Internet_Root_CA.pem => 9b353c9a.0

TDC_OCES_Root_CA.pem => 2cfc4974.0

Thawte_Personal_Basic_CA.pem => 3a7f6b22.0

Thawte_Personal_Freemail_CA.pem => 64d1f6f4.0

Thawte_Personal_Premium_CA.pem => 09ca81a7.0

Thawte_Premium_Server_CA.pem => 98ec67f0.0

thawte_Primary_Root_CA.pem => 2e4eed3c.0

Thawte_Server_CA.pem => 6cc3c4c3.0

Thawte_Time_Stamping_CA.pem => 9e6afd31.0

TURKTRUST_Certificate_Services_Provider_Root_1.pem => 88f89ea7.0

TURKTRUST_Certificate_Services_Provider_Root_2.pem => 039c618a.0

UTN_DATACorp_SGC_Root_CA.pem => 778e3cb0.0

UTN_USERFirst_Email_Root_CA.pem => c5e082db.0

UTN_USERFirst_Hardware_Root_CA.pem => b13cc6df.0

UTN-USER_First-Network_Applications.pem => 57b0f75e.0

ValiCert_Class_1_VA.pem => 20d096ba.0

ValiCert_Class_2_VA.pem => 55a10908.0

Verisign_Class_1_Public_Primary_Certification_Authority_-_G2.pem => b8e83700.0

Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.pem => ee1365c0.0

Verisign_Class_1_Public_Primary_Certification_Authority.pem => 24ad0b63.0

Verisign_Class_2_Public_Primary_Certification_Authority_-_G2.pem => cb357862.0

Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.pem => dc45b0bd.0

Verisign_Class_2_Public_Primary_Certification_Authority.pem => 0f11b315.0

Verisign_Class_3_Public_Primary_Certification_Authority_-_G2.pem => 1ec4d31a.0

Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.pem => c0ff1f52.0

VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.pem => b204d74a.0

Verisign_Class_3_Public_Primary_Certification_Authority.pem => 415660c1.0

Verisign_Class_4_Public_Primary_Certification_Authority_-_G2.pem => 6faac4e3.0

Verisign_Class_4_Public_Primary_Certification_Authority_-_G3.pem => bad35b78.0

Verisign_RSA_Secure_Server_CA.pem => 106cd822.0

Verisign_Time_Stamping_Authority_CA.pem => 6cb3815b.0

Visa_eCommerce_Root.pem => a760e1bd.0

Visa_International_Global_Root_2.pem => 3dfd7537.0

Wells_Fargo_Root_CA.pem => 03f0efa4.0

WellsSecure_Public_Root_Certificate_Authority.pem => 7d5a75e4.0

XRamp_Global_CA_Root.pem => 706f604c.0

141 added, 0 removed; done.

Running hooks in /etc/ca-certificates/update.d....done.

marco m # links --dump https://www.ilfollettoirlandese.it

Unknown option --dump

marco m # links -dump https://www.ilfollettoirlandese.it

Verification failure: unable to get local issuer certificate

Verification failure: unable to get local issuer certificate

Verification failure: unable to get local issuer certificate

SSL error

marco m # /etc/init.d/apache2 restart

 * Stopping apache2 ...

apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName                                                                                [ ok ]

 * Starting apache2 ...

apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName                                                                                [ ok ]

marco m # links -dump https://www.ilfollettoirlandese.it

Host not found

```

----------

## Hu

If you bought the certificate from VeriSign, I would expect that links should already trust it.  VeriSign is sufficiently well known that most databases of public CAs ought to know it.

----------

## chiefbag

You should probably check that you have correctly installed the root CA chain on your apache server if this is your own site. 

Also I would suggest using wget if you are running some kind of test script against the server as you can from what I recall easily override this issue on the command line.

----------

## chiefbag

Have a look at the below link which details the root CA chain that you should add to your apache config. 

Check the apache docs for information on how to configure your ssl config. 

http://www.verisign.com/support/roots.html

----------

## ev56o

Yeah! You are right! wget is the solution

```

 wget -q --spider --no-check-certificate

```

it' s more appropriate than links --dump

Thank you and congratulations.

----------

