Curl Ignore Certificate
How to ignore invalid and self signed ssl connection errors …
I wanted to curl command to ignore SSL certification warning. Does curl command have a –no-check-certificate option like wget command on Linux or Unix-like system?
You need to pass the -k or –insecure option to the curl command. This option explicitly allows curl to perform “insecure” SSL connections and transfers. All SSL connections are attempted to be made secure by using the CA certificate bundle installed by default. Let us see how to make curl ignore SSL/TLS certificate errors under Linux or Unix-like systems.
Tutorial details
Difficulty level Easy Root privileges No Requirements curl on Linux/Unix Est. reading time 2 minutes
Does curl have a –no-check-certificate option like wget command on Linux?
The syntax is as follows that allows curl command to work with “insecure” or “invalid” SSL certificates without certicates:
curl -k url
curl –insecure url
curl –insecure [options] url
curl –insecure -I url
cURL ignore SSL certificate warnings command
In this example disable certificate verification for curl command:
curl –insecure -I OR
curl -k -O Without the -k or –insecure option, you will get an error message that read as follows:
curl: (60) SSL certificate problem: Invalid certificate chain
More details here:
curl performs SSL certificate verification by default, using a “bundle”
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn’t adequate, you can specify an alternate file
using the –cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you’d like to turn off curl’s verification of the certificate, use
the -k (or –insecure) option.
Here is one useful example where you want to grab a file or see header info from remote host without using SSL enabled SNI domain name:
curl -O –insecure –header ‘Host: ‘ -I ### OR ###
curl -k –header ‘Host: ‘ -I
Sample outputs:
Fig. 01: Ignoring certificate warnings and saving the page or getting header info using curl command
How to apply the changes for all HTTPS connection
You can add insecure option to your $HOME/ file:
$ vi $HOME/
Append the following:
Patreon supporters only guides
insecure
Save and close the file. However, I do not recommend disabling SSL checks for all connections by default for security reasons.
How to specify CA to your trusted CA bundle for curl on the cli
One can try the following command for a self signed SSL/TLS certificates:
curl –cacert /pth/to/my/ url
curl –header ‘Host: ‘ –cacert /pth/to/my/ Summing up
Now you know how to make the curl command ignore SSL/TLS certificate errors bypassing the -k option. Please note that it is not good security practice to ignore SSL/TLS all time. Only do this if you are 100% sure about it. For instance, you can ignore it when you have installed a self-signed TLS/SSL certificate for your web apps or the web-based management console.
ADVERTISEMENT
CategoryList of Unix and Linux commandsDocumentationhelp • mandb • man • pinfoDisk space analyzersdf • duf • ncdu • pydfFile Managementcat • cp • less • mkdir • more • treeFirewallAlpine Awall • CentOS 8 • OpenSUSE • RHEL 8 • Ubuntu 16. 04 • Ubuntu 18. 04 • Ubuntu 20. 04Linux Desktop AppsSkype • Spotify • VLC 3Modern utilitiesbat • exaNetwork UtilitiesNetHogs • dig • host • ip • nmapOpenVPNCentOS 7 • CentOS 8 • Debian 10 • Debian 8/9 • Ubuntu 18. 04Package Managerapk • aptProcesses Managementbg • chroot • cron • disown • fg • glances • gtop • jobs • killall • kill • pidof • pstree • pwdx • time • vtopSearchingag • grep • whereis • whichShell builtinscompgen • echo • printfText processingcut • revUser Informationgroups • id • lastcomm • last • lid/libuser-lid • logname • members • users • whoami • who • wWireGuard VPNAlpine • CentOS 8 • Debian 10 • Firewall • Ubuntu 20. 04
How to ignore SSL certificate errors when using Curl? – ReqBin
How to ignore SSL certificate errors when using Curl? REQBIN To ignore invalid and self-signed certificate checks on Curl, use the -k or –insecure command-line option. This option allows Curl to perform “insecure” SSL connections and skip SSL certificate checks while you still have SSL encrypted communications. If you make an HTTPS request to a resource with an invalid or expired SSL certificate without the -k or –insecure option, you will receive a curl: (60) SSL certificate: invalid certificate chain: error message. You can use to test Curl commands on insecure hosts with the option to ignore certificate checks.
How to Make curl Ignore Certificate Errors {Easy Fix}
Introduction
If you need to make curl ignore certificate errors, make sure you know the consequences of insecure SSL connections and transfers.
You should only practice skipping certificate checks for development purposes.
In this tutorial, you learn how to make curl ignore certificate errors.
Make curl Ignore SSL Errors
The basic syntax for ignoring certificate errors with the curl command is:
curl –insecure [URL]
Alternatively, you can use:
curl -k [URL]
A website is insecure if it has an expired, misconfigured, or no SSL certificate ensuring a safe connection. When you try to use curl to connect to such a website, the output responds with an error.
Note: The –insecure (-k) options is similar to the wget –no-check-certificate command used to avoid certificate authorities checking for a server certificate. To see how wget skips certificate checks, refer to the guide How To Use Wget Command With Examples.
For instance, if you run the command:
curl
The output should display the content of the URL. However, since this website has an invalid SSL certificate, it shows an error as in the example below.
curl: (60) SSL: no alternative certificate subject name matches target host name ”
This means “peer certificate cannot be authenticated with known CA certificates. ”
To bypass this constraint, you can use the –insecure (or -k) option allowing insecure server connections when using SSL. Therefore, you would run:
curl -k
Conclusion
After reading this article, you should know how to make curl ignore certificate errors. Although this is done simply by adding the -k option, do not instruct curl to ignore SSL errors unless required for development purposes.
Don’t miss out on our other curl guides such as How To Set Or Change User Agent With Curl.
Frequently Asked Questions about curl ignore certificate
How do I ignore a certificate in curl?
To ignore invalid and self-signed certificate checks on Curl, use the -k or –insecure command-line option. This option allows Curl to perform “insecure” SSL connections and skip SSL certificate checks while you still have SSL encrypted communications.Jul 9, 2021
How do I bypass a validation certificate?
To disable the validation of server certificates in Windows 7:Navigate to Control Panel > Network and Sharing Center > Manage wireless networks. … Right-click the network in question and choose Properties.On the Security tab, click Settings.Along the top, uncheck the box for Validate server certificate.Oct 5, 2020
Does curl do certificate validation?
libcurl performs peer SSL certificate verification by default. This is done by using a CA certificate store that the SSL library can use to make sure the peer’s server certificate is valid.
