How to ignore invalid and self-signed SSL certificate errors in Curl?
To ignore invalid and self-signed certificate checks in Curl, use the -k or --insecure command-line option. This option allows Curl to perform "insecure" SSL connections and skip SSL certificate checks; the traffic is still SSL-encrypted, but the server's identity is not verified. If you make an HTTPS request to a resource with an invalid or expired SSL certificate without the -k or --insecure option, you will receive a "curl: (60) SSL certificate: invalid certificate chain" error message. You can use https://expired.badssl.com to test Curl commands on insecure hosts with the option to ignore certificate checks.
Curl (short for Client URL) is a command-line utility for transferring data to or from a server. Curl supports more than 25 protocols, including HTTP, HTTPS, FTP, FTPS, and SFTP. Curl is used for testing APIs, uploading files, viewing server response content and headers, and load testing APIs. Curl works on Linux, Windows, and macOS.
What is SSL?
SSL (Secure Sockets Layer) is a network protocol for establishing secure, authenticated, and encrypted connections between two devices (for example, between a browser and a web server). TLS (Transport Layer Security) is an improved and more secure version of the SSL protocol. SSL protects the user's privacy when sending data over the Internet by encrypting all traffic between the user's computer and the web server and making it impossible to intercept and read this data. SSL uses robust encryption algorithms to encode data and prevent unauthorized persons from decoding and reading it. A website that implements SSL/TLS encryption has an HTTPS prefix in its URL.
What is an SSL Certificate?
An SSL certificate is a digital certificate that identifies a website and encrypts information sent to the server using SSL. Encryption is the process of converting data into an encrypted, unreadable format that can only be returned to a readable format with the appropriate decryption key at the other end of the SSL connection. When an SSL certificate is installed on the server, it activates the HTTPS protocol for incoming connections. SSL provides a secure connection between the server and the user's browser or any other device using an SSL connection. Typically, an SSL certificate is used to secure credit card transactions, personal data transfer, and user logins and has recently become the norm for protecting browsing on almost any website.
Curl SSL Certificate Checks
By default, every SSL connection Curl creates is checked for security. Every connection is verified by checking that the server certificate is signed by a trusted authority, contains the correct domain name, and has not expired. The Curl trusted root certificate store comes with the Curl installation; it contains a list of CAs and is used to validate server certificates. The -k command-line option allows Curl to proceed with connections that would otherwise be considered insecure and blocked. Use the -k and --insecure options for testing and development purposes only.
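Because -k and --insecure are meant for testing and development only, it helps to check that they have not leaked into scripts that run elsewhere. The shell function below is an added example, not part of the original article: it scans the script files it is given for curl commands that use -k (alone or inside a short-flag cluster such as -sSkL) or --insecure. The sample script and its example.test hostnames are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag curl invocations that disable certificate verification.
# Prints "file:line: command" for each hit. Backslash-continued commands are
# joined first and reported at their first line.
# Limitation: a -k that belongs to another command later on the same line
# (for example after a pipe) is reported as well.
find_insecure_curl() {
    awk '
    FNR == 1 { buf = "" }
    {
        if (buf == "") start = FNR
        line = $0
        if (sub(/\\$/, "", line)) { buf = buf line " "; next }
        cmd = buf line; buf = ""
        if (cmd ~ /^[ \t]*#/) next            # skip comment lines
        # Match --insecure, -k, or k inside a cluster of boolean short flags,
        # appearing as a separate argument after the curl command word.
        if ((" " cmd " ") ~ /[^A-Za-z0-9_-]curl[ \t](.*[ \t])?(--insecure|-[sSLfviIOJgNqG]*k[A-Za-z0-9]*)[^A-Za-z0-9-]/)
            print FILENAME ":" start ": " cmd
    }' "$@"
}

# Constructed sample script (hostnames other than badssl.com are placeholders).
write_sample() {
    cat > "$1" <<'EOF'
#!/bin/sh
# curl -k https://example.test/   (comment only)
curl -sS https://internal.example.test/health
curl -k https://expired.badssl.com/
curl -sSkL https://internal.example.test/a
curl --silent \
     --insecure https://internal.example.test/b
curl -o pack-k.tgz https://example.test/pack-k.tgz
EOF
}

sample=$(mktemp)
write_sample "$sample"
find_insecure_curl "$sample"    # reports lines 4, 5 and 6 of the sample
rm -f "$sample"
```

The comment on line 2, the verified request on line 3 and the file name containing "-k" on line 8 of the sample are not reported.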
How to ignore SSL certificate errors using Curl?
To bypass SSL certificate validation for local and test servers, you can pass the -k or --insecure option to the Curl command. This option explicitly tells Curl to perform "insecure" SSL connections and file transfers. Curl will ignore any security warnings about an invalid SSL certificate and accept it as valid. Your data will continue to be transmitted over an SSL encrypted channel.
Curl syntax to ignore certificate validation
The general form of the Curl command to ignore an SSL certificate is as follows:
Curl Syntax to disable certificate checks
curl -k [URL]
curl --insecure [URL]
Curl example to ignore certificate checks
An example of making an insecure request to the expired.badssl.com host with the option to ignore SSL certificate errors using the -k or --insecure command-line parameter: