Curl Force Ssl
https connection using CURL from command line – Stack …
I am new to Curl and Cacerts world and facing a problem while connecting to a server.
Basically, I need to test connectivity over from one machine to another machine.
I have a URL to which I need to connect from Machine A (a linux machine)
I tried this on command prompt
cmd> curl [my domain or IP address]
and got the following:
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
On going through some articles over internet I did this:
openssl s_client -connect
and got some response including the
server certificate (inside -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----).
What should I do next from here? I think I will have to just copy and paste the text inside
BEGIN CERTIFICATE & END CERTIFICATE and save it in a file.
But,
What type of file should it be?
What should I do after that?
I tried this – copied the text inside BEGIN CERTIFICATE & END CERTIFICATE and saved it in a file – named it as (also tried the same thing by naming it as file)
and then did this:
cmd> curl --cacert [my domain or IP address]
But got the same error.
tshepang
asked Apr 9 ’12 at 20:52
3
I had the same problem – I was fetching a page from my own site, which was served over HTTPS, but curl was giving the same “SSL certificate problem” message. I worked around it by adding a -k flag to the call to allow insecure connections.
curl -k
Edit: I discovered the root of the problem. I was using an SSL certificate (from StartSSL, but I don’t think that matters much) and hadn’t set up the intermediate certificate properly. If you’re having the same problem as user1270392 above, it’s probably a good idea to test your SSL cert and fix any issues with it before resorting to the curl -k fix.
answered Feb 10 ’14 at 17:57
Dave Child
1
Simple solution
That’s my everyday script:
curl --insecure -v 2>&1 | awk 'BEGIN { cert=0 } /^\* Server certificate:/ { cert=1 } /^\*/ { if (cert) print }'
Output:
* Server certificate:
* subject: C=US; ST=California; L=Mountain View; O=Google Inc; CN=* start date: 2016-01-07 11:34:33 GMT
* expire date: 2016-04-06 00:00:00 GMT
* issuer: C=US; O=Google Inc; CN=Google Internet Authority G2
* SSL certificate verify ok.
* Server GFE/2.0 is not blacklisted
* Connection #0 to host left intact
answered Jan 15 ’16 at 13:22
4
You need to provide the entire certificate chain to curl, since curl no longer ships with any CA certs. Since the cacert option can only use one file, you need to concat the full chain info into 1 file.
Copy the certificate chain (from your browser, for example) into DER encoded binary X.509(). Do this for each cert.
Convert the certs into PEM, and concat them into 1 file.
openssl x509 -inform DER -in -out -text
cat * > certRepo
curl --cacert certRepo -u user:passwd -X GET -H 'Content-Type: application/json' "//"
I wrote a blog on how to do this here:
answered Oct 21 ’15 at 9:09
Somaiah Kumbera
Use --cacert to specify a file.
for example.
answered Apr 30 ’13 at 10:03
ano
I actually had this kind of problem and I solved it with these steps:
Get the bundle of root CA certificates from here: and save it on local
Find the file
Set the to be the path of the certificates. So it will be something like:
= /path/of/the/keys/
answered Feb 17 ’16 at 9:22
geckob
0
Having diagnosed the problem,
I was able to use the existing system default CA file; on Debian 6 this is:
/etc/ssl/certs/
as root this can be done like:
echo >> /etc/php5/mods-available/
then re-start the web-server.
answered Dec 7 ’16 at 22:18
Jasen
you could use this
curl_setopt($curl->curl, CURLOPT_SSL_VERIFYPEER, false);
answered Mar 13 ’18 at 9:11
Ahmed Ali
For me, I just wanted to test a website that had an automatic -> redirect. I think I had some certs installed already, so this alone works for me on Ubuntu 16.04 running curl 7.47.0 (x86_64-pc-linux-gnu) libcurl/7.0 GnuTLS/3.4.10 zlib/1.2.8 libidn/1.32 librtmp/2.3
curl --proto-default
answered Jan 8 ’18 at 19:01
SamCyanide
You need the certificates chain and not a single certificate.
It is easy to get it using Firefox:
Open the url in Firefox.
Click on the security icon on the address box left to the url.
Click on connection not secure, more information. Under the security tab, select view certificate, scroll toward the end. Next to download, select the PEM(chain) to download the chain of certificates.
Now you have the chain of certificates as a file that you can use in the curl request after the --cacert flag:
curl --cacert -X POST the-url-to-access
answered Jun 30 at 13:23
Tal Haham
What’s wrong with wget?
It not one to moan about standard leaving it behind.
answered Sep 7 at 2:56
Louis Waweru
With modern versions of curl, you can simply override which IP address to connect to, using --resolve or --connect-to (curl newer than version 7.49). This works even with SSL/SNI. All details are in the man page.
For example, to override DNS and connect to with SSL using a particular IP address (this will also override IPv6):
curl --resolve
Another example, to connect to a particular backend server named backend1 on port 8080:
curl --connect-to
Remember to add the host header if the server needs that to answer correctly:
-H 'Host:'
answered Nov 13 ’18 at 9:02
HTTPS Connection Using Curl | Baeldung on Linux
1. Overview
curl is a command-line tool that supports many web protocols like HTTPS.
In this tutorial, we’ll look at how to use curl to invoke an HTTPS endpoint.
2. Trusted CA Signed SSL Certificates
The simplest syntax to use with curl is curl
curl
In this case, curl makes a GET request and returns the page source without any error because the server presents a certificate that was signed by a trusted certificate authority (CA).
3. Self-Signed Certificates
Sometimes, if a server is using a self-signed certificate, we’ll encounter the error “SSL certificate problem: self-signed certificate” when making a curl request. This means that the server is not using a certificate that was signed by a trusted authority.
Let’s say we’re running a local Spring Boot project that’s configured with TLS.
One way to handle this is to force curl to ignore the certificate verification, using the -k or --insecure flag:
curl -k https://localhost:8443/baeldung
However, ignoring certificate errors is insecure: with -k, curl no longer verifies the server's identity, so the connection is open to interception. Instead, another option is to use the certificate from the server we're trying to access.
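Because -k and its equivalents tend to outlive the test they were added for, it helps to search scripts for them. The following is an added example, not part of the original article: the function names and the two sample files are constructed for illustration, and the patterns cover the forms that appear on this page (curl -k, --insecure, and PHP's CURLOPT_SSL_VERIFYPEER set to false) plus the related CURLOPT_SSL_VERIFYHOST.

```shell
#!/bin/sh
# Added example: report lines that switch off TLS certificate verification.
# Function and file names are hypothetical.

# Print "file:line:text" for every match in the files given as arguments.
find_insecure_tls() {
    LC_ALL=C grep -nHE \
      -e '(^|[^[:alnum:]_-])curl([[:space:]]+[^|;&]*)?[[:space:]](--insecure|-[A-Za-z]*k[A-Za-z]*)([[:space:]]|$)' \
      -e 'CURLOPT_SSL_VERIFY(PEER|HOST)[[:space:]]*,[[:space:]]*(false|0)' \
      "$@"
}

# Write two constructed sample files into directory $1.
make_samples() {
    cat > "$1/deploy.sh" <<'EOF'
curl -k https://localhost:8443/baeldung
curl -sSk https://internal.example/health
curl --cacert certRepo https://internal.example/api
curl --insecure -v https://internal.example/
curl -K curlrc https://internal.example/
EOF
    cat > "$1/client.php" <<'EOF'
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_CAINFO, '/etc/ssl/certs/ca-bundle.example.pem');
EOF
}

# Demo: lines 1, 2 and 4 of deploy.sh and line 1 of client.php are reported;
# --cacert and -K (a config file option) are not.
samples=$(mktemp -d)
make_samples "$samples"
find_insecure_tls "$samples"/*
rm -rf "$samples"
```
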
3.1. Getting Server Certificate
When we call an HTTPS endpoint using one-way SSL, the client validates the certificate it receives from the server against the certificates it has available locally. Therefore, we'll need to save the server certificate on the client.
To retrieve a list of server certificates, we’ll use the OpenSSL command, with the -showcerts argument:
openssl s_client -showcerts -connect
The -showcerts option prints out the complete certificate chain. We can save the certificates into a file to invoke the endpoint:
openssl s_client -showcerts -connect localhost:8443
3.2. Invoking an HTTPS Endpoint
To invoke the HTTPS endpoint, we’ll first save the server certificate from the local server using the OpenSSL command or keystore file.
Then we'll use the server certificate in the curl request along with the --cacert option:
curl --cacert localhost:8443/baeldung
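The two steps above, saving the certificates that -showcerts prints and passing the file to --cacert, as an added example that is not from the original article. Host, port and file names are placeholders, and the sample s_client output is constructed with fake certificate bodies so the extraction step runs offline.

```shell
#!/bin/sh
# Added example. Host, port and file names are placeholders.

# Keep only the PEM blocks, marker lines included: a PEM file must contain
# the BEGIN/END lines themselves, not just the base64 text between them.
extract_pem() {
    sed -n '/^-----BEGIN CERTIFICATE-----$/,/^-----END CERTIFICATE-----$/p'
}

# Number of certificates in PEM file $1.
count_certs() {
    grep -c '^-----BEGIN CERTIFICATE-----$' "$1"
}

# Save the chain presented by HOST:PORT into OUTFILE (needs network access).
# usage: save_chain HOST PORT OUTFILE
save_chain() {
    openssl s_client -showcerts -servername "$1" -connect "$1:$2" \
        </dev/null 2>/dev/null | extract_pem > "$3"
}

# Constructed sample of `openssl s_client -showcerts` output; the base64
# bodies are fake and shortened.
sample_output() {
    cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:CN = server.example
   i:CN = Example Intermediate CA
-----BEGIN CERTIFICATE-----
MIIBfakeLEAFfakeLEAFfakeLEAF
-----END CERTIFICATE-----
 1 s:CN = Example Intermediate CA
   i:CN = Example Root CA
-----BEGIN CERTIFICATE-----
MIIBfakeINTERfakeINTERfakeIN
-----END CERTIFICATE-----
---
Server certificate
subject=CN = server.example
EOF
}

bundle=$(mktemp)
sample_output | extract_pem > "$bundle"
echo "$(count_certs "$bundle") certificates saved to $bundle"
# With a real chain: curl --cacert "$bundle" https://HOST:PORT/
```

The saved file contains whatever the server presented, so compare its fingerprint (`openssl x509 -noout -fingerprint -sha256 -in FILE`) with a value obtained out of band before trusting it.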
4. Conclusion
In this tutorial, we described how to invoke an HTTPS endpoint using the curl tool.
How To Use Curl with HTTPS Protocol and URLS? – POFTUT
Curl is a command-line tool and library that implements protocols like HTTP, HTTPS, FTP, etc. Curl also supports the HTTPS protocol, which is the secure version of HTTP. Using curl with HTTPS may cause some problems. We will examine how to solve these curl HTTPS-related problems.
We will start with the installation of the curl tool with the following command.
Ubuntu, Debian, Mint, Kali:
$ sudo apt install curl
Fedora, CentOS, RHEL:
$ sudo yum install curl
Self-signed or expired X.509 (SSL/TLS) certificates in particular may cause problems. The error detail is printed to the terminal. As an example, we will try to access and we will get an error like
curl: (51) SSL: no alternative certificate subject name matches target host name ”
when we run the following command:
$ curl
To get past this error and accept an insecure certificate, we need to provide the --insecure option. With it, curl accepts whatever certificate the server presents without verifying it.
$ curl --insecure
If we do not want to use the certificate provided by the web site and instead want to provide the site's HTTPS certificate manually, we can use the -E or --cert option with the certificate file. In this example, we will use a certificate named order to connect
$ curl -E
In some cases, we may need to use a certificate chain other than the one used on the public Internet. A certificate chain provides a trust relationship between hierarchical certificates, where the leaf is the certificate of the site we want to reach. At the top is the root certificate, which is provided by a Certification Authority firm. We can provide another certificate authority, such as our company's local certificate authority, with the --cacert option.
$ curl --cacert
Frequently Asked Questions about curl force ssl
How do you curl SSL?
To force Curl to bypass SSL certificate validation for local development servers, you can pass the -k or --insecure option to the Curl command. This option explicitly tells Curl to perform "insecure" SSL connections and file transfers. (Jul 6, 2021)
Does Curl use SSL certificate?
curl: (60) SSL certificate problem: Invalid certificate chain. More details here: https://curl.haxx.se/docs/sslcerts.html. curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). (Jun 30, 2021)
Can curl work with https?
Curl is a command-line tool and library that implements protocols like HTTP, HTTPS, FTP, etc. Curl also supports the HTTPS protocol, which is the secure version of HTTP. (Sep 5, 2018)