I am setting up some temporary tinderboxes to repack localization builds. Because I don’t trust the DNS service from my home ISP, I wanted to download builds from ftp.mozilla.org using HTTPS. It turns out this was quite the challenging task, due to the following cute and relatively useless error message:<\/p>\n
ERROR: Certificate verification error for ftp.mozilla.org: unable to get local issuer certificate
\nTo connect to ftp.mozilla.org insecurely, use '--no-check-certificate'.<\/tt><\/p><\/blockquote>\nWhat this really means is “your copy of wget\/OpenSSL didn’t come with any root certificates, and HTTPS just isn’t going to work until you get them and I know about them.”<\/p>\n
Getting Root Certificates<\/h3>\n
The best way to get the root certificates you need is at this website<\/a>. It has a tool that will convert the root certificates built-in to Mozilla NSS into the PEM format that OpenSSL expects. It also has pre-converted PEM files available for download if you’re lazy.<\/p>\n
Installing cacert.pem into MozillaBuild (Windows)<\/h3>\n
To install cacert.pem so that it works with MozillaBuild:<\/p>\n