Sending HTTPS requests with Curl

To send an HTTPS request using Curl, pass the destination endpoint that supports SSL connections on the Curl command line. Curl will automatically establish an SSL connection with the server. When Curl sends a request to an HTTPS URL, it checks the SSL certificate against the certificate store of the local CA. Curl returns the error message Certificate Verify Failed for expired and self-signed certificates. You can bypass certificate checking by passing -k or --insecure to Curl. Click Run to execute the Curl HTTPS request online and see the results.
Sending HTTPS requests with Curl Run
curl -k https://expired.badssl.com
Updated: Viewed: 39791 times

What is Curl?

Curl is a command line tool for transferring data to and from servers. Curl supports over 25+ protocols including HTTP and HTTPS. Curl works on all modern platforms and hardware, including Linux, Windows, and macOS, and is widely used by developers to test APIs and automate tasks that involve sending data over the network and testing the availability of various services.

What is HTTPS?

HTTPS (Secure Hypertext Transfer Protocol) is a secure version of HTTP, the primary Internet protocol used to transfer data between a web browser and a website. HTTPS runs on top of the lower layer SSL protocol (stands for Secure Sockets Layer) and transfers data over the network in an encrypted form to improve data security and prevent unauthorized persons from reading this data. SSL and its more secure version called TLS (Transport Layer Security) use digital certificates and robust encryption algorithms to encrypt data.

How does Curl check HTTPS connections?

Curl verifies the SSL certificate of the target URL against the local CA certificate store that comes with the Curl installation. CA certificates are retrieved from the Mozilla CA certificate store and can be manually updated by downloading the cacert.pem file from the CA Extract website and replacing the curl-ca-bundle.crt file in the Curl installation folder. The connection is verified by testing that the server certificate contains the correct hostname and is up to date. For expired and self-signed SSL/TLS certificates, Curl returns the error: "SSL certificate problem, verify that the CA cert is OK."

How to allow insecure HTTPS connections using Curl?

To bypass certificate validation, pass the -k or --insecure flag to Curl. This will tell Curl to ignore certificate errors and accept insecure certificates without complaining about them.

CURL Insecure HTTPS Connection Example
curl -k https://reqbin.com/echo

How to send a client certificate using Curl?

To send a client certificate to the server when communicating over HTTPS or FTPS protocol, you can use the -E or --cert command-line switch. The client certificate must be in PKCS#12 format for Secure Transport or PEM format if using any other mechanism.

CURL Client Certificate Example
curl -E cerfile.crt https://reqbin.com/echo
curl --cert cerfile.crt https://reqbin.com/echo

How to explicitly provide a CA certificate?

In some cases, you may need to use a different certificate chain than the one supplied with Curl. Certificate chains provide trust relationships between the certificates, where the CA certificate is at the beginning of the chain and the certificate of the site we want to navigate at the end of the chain. With the --cacert filename command line parameter, we can provide another CA, such as our company's local CA.

CURL CA Certificate Example
curl --cacert mycompany.cert  https://www.mycompany.com/internal

See also

Generate Code Snippets for Curl HTTPS Request Example

Convert your Curl HTTPS Request request to the PHP, JavaScript/AJAX, Node.js, Curl/Bash, Python, Java, C#/.NET code snippets using the ReqBin code generator.