Wget doesn't check certificate

[savchenko]

In hetrixtools_agent.sh:

# Post data
wget -t 1 -T 30 -qO- --post-file="$ScriptPath/hetrixtools_agent.log" --no-check-certificate https://sm.hetrixtools.com/ &> /dev/null

What's the point of --no-check-certificate?..

sslyze --certinfo sm.hetrixtools.com:443 | grep -E 'Issuer|Status'
       Issuer:                            COMODO ECC Domain Validation Secure Server CA 2
       OCSP Response Status:              successful
       Cert Status:                       good

[hetrixtools]

Some systems that haven't installed or updated their CA certificates may run into SSL errors even when accessing valid SSL hosts. The --no-check-certificate is there to ensure maximum compatibility for our agent. Feel free to remove it in your agent, if you wish to do so; it should have no negative impact on most systems.

[savchenko]

I get your motivation, but to the best of my understanding this is welcoming MITM during agent deployment and data being posted to Hetrix.

[twiddern]

You may could add an switch like --ignore-cert-issues to the install code window, that user can use during deployment.
By default the certificate should be checked against local root-ca

[foxycode]

Solution could be embed certificate like here: https://github.com/calmh/smartos-platform-upgrade/blob/master/platform-upgrade