>From 01c307daeefa4736b7aa7c82c2d3eade05c3ba55 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81ngel=20Gonz=C3=A1lez?= Date: Thu, 10 Dec 2015 23:02:14 +0100 Subject: [PATCH] doc/wget.texi: Hint that you can pin to a self-signed certificate instead of using --no-check-certificate --- doc/wget.texi | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/doc/wget.texi b/doc/wget.texi index 64cb056..f3925ca 100644 --- a/doc/wget.texi +++ b/doc/wget.texi @@ -1725,9 +1725,12 @@ this option to bypass the verification and proceed with the download. site's authenticity, or if you really don't care about the validity of its certificate.} It is almost always a bad idea not to check the certificates when transmitting confidential or important data. -If you are really sure of what you are doing, you can specify ---check-certificate=quiet to tell wget to not print any warning about -invalid certificates, in most cases this is the wrong thing to do. +For self-signed/internal certificates, you should download the certificate +and verify against that instead of forcing this insecure mode. +If you are really sure of not desiring any certificate verification, you +can specify --check-certificate=quiet to tell wget to not print any +warning about invalid certificates, albeit in most cases this is the +wrong thing to do. @cindex SSL certificate @item address@hidden -- 2.6.2