On 25/03/2019 16.04, Hermann-Josef Beckers wrote:
...
You apparently have intercepting proxy that terminates SSL stream so it has access to unencrypted data. Such gateways then establish new SSL connection to final destination. Is it proxy under your control?
...
Not me personally, but by our network admins.
Well, you need to contact your admins then and ask them. If it is intentional and required by your site policy, there is not much you can do except ignoring certificate validation errors.
I did that and they advise me to use the already mentioned *.cer file. "The server must trust this certificate". I'm back to the question: how do i do that? Which tool must I use?
That is absurd. Or they mean using the gateway certificate? Or... You posted this.
wget --no-check-certificate https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-opensuse/* Warning: wildcards not supported in HTTP. --2019-03-25 14:43:48-- https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-opensuse/* Connecting to 10.X.Y.Z:3128... connected. WARNING: cannot verify www.collaboraoffice.com's certificate, issued by ‘CN=mwg.MYGATEWAY.lokal,C=DE,ST=NRW,L=Steinfurt,O=Kreis Steinfurt’: Self-signed certificate encountered.
notice that you are not connecting to www.collaboraoffice.com on internet, but to a local (to you) address. And the certificate of that site is also local, from "mwg.MYGATEWAY.lokal". Unless you have redacted all those names and thus confusing us. You then would need to create a certificate authority for your intranet, and add that master certificate to your machine chain for trusting your intranet certificates. Your network admins should know how to do all that. But a self signed certificate inside your computer will not help at all, AFAIK. -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)