Update Feb 23, 2012: The latest version of curl for MacPorts simplifies the Ruby solution for this issue. Refer to the bottom of this post.
Maybe you’ve seen this?
$ wget https://github.com/ ERROR: The certificate of `github.com' is not trusted. ERROR: The certificate of `github.com' hasn't got a known issuer.
If you’re like me, you’ve installed Wget with MacPorts. This version of Wget apparently does not include the necessary root SSL certificates, nor does it know where to find the ones already on your Mac. Luckily the solution is easy.
sudo port install curl-ca-bundle
Add CA_CERTIFICATE to ~/.wgetrc
echo CA_CERTIFICATE=/opt/local/share/curl/curl-ca-bundle.crt >> ~/.wgetrc
Fixed! If you’re curious, I’ve added this .wgetrc to my dotfiles project as well.
I ran into a similar problem in Ruby 1.9.3p0, which I compiled and installed via ruby-build. In this case, the error looks like this:
irb(main):001:0> require 'open-uri' irb(main):002:0> open('https://github.com/') OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
Again, we can trace this back to MacPorts. My Ruby was complied against the MacPorts version of openssl, which can’t find the all-important certificates.
curl-ca-bundle as described above. Then:
Symlink the certificates
sudo ln -s /opt/local/share/curl/curl-ca-bundle.crt /opt/local/etc/openssl/cert.pem
Update Feb 23, 2012: The latest version of
curl-ca-bundle for MacPorts (7.24.0) creates this symlink for you automatically when you install the port. If you’ve created the link manually, you’ll need to delete it before MacPorts will allow you to upgrade to