On Sat, Jul 7, 2012 at 4:02 PM, <proper@...> wrote:
> <noloader@...> wrote:
>> You pin a certificate by whitelisting expected server certificates
>> (possibly thumbprints).
> So my original question was how do I get wget to verify the torproject.org
> fingerprint  without depending on root CA's? The only possible solution
> I saw was downloading the torproject.org SSL public key, run a local CA,
> sign the certificate and run wget with the --ca-certificate switch. That's why
> I posted the question "Sign public key without having CSR or private key?".
> If there are any suggestions for this situation I am all ears.