Ignoring SSL Certificate Checks with Curl

To ignore invalid and self-signed certificate checks on Curl, use the -k or --insecure command-line option. This option allows Curl to perform "insecure" SSL connections and skip SSL certificate checks while you still have SSL-encrypted communications. If you make an HTTPS request to a resource with an invalid or expired SSL certificate without the -k or --insecure option, you will receive a curl: (60) SSL certificate: invalid certificate chain: error message. Click Run to execute the Curl Ignore Certificate request online and see the result.
Ignoring SSL Certificate Checks with Curl Run
curl -k https://expired.badssl.com
Updated: Viewed: 59783 times

What is Curl?

Curl (stands for Client URL) is a command-line utility for transferring data to or from a server. Curl supports over 25+ protocols, including HTTP, HTTPS, FTP, FTPS, and SFTP. Curl is used for testing APIs, uploading files, viewing server response content and headers, and load testing APIs. Curl works on Linux, Windows, and macOS.

What is SSL?

SSL (Secure Sockets Layer) is a network protocol used to establish secure, authenticated, and encrypted connections between two devices (for example, between a browser and a webserver). TLS (Transport Layer Security) is an improved and more secure version of the SSL protocol. SSL protects the user's privacy when sending data over the Internet by encrypting all traffic between the user's computer and the webserver and making it impossible to intercept and read this data. SSL uses robust encryption algorithms to encode data and prevent unauthorized persons from decoding and reading it. A website that implements SSL/TLS encryption has an HTTPS prefix in its URL.

What is an SSL Certificate?

An SSL certificate is a digital certificate that identifies a website and encrypts information sent to the server using SSL. Encryption is the process of converting data into an encrypted, unreadable format that can only be restored to a readable format with the appropriate decryption key at the other end of the SSL connection. When an SSL certificate is installed on the server, it activates the HTTPS protocol for incoming connections. SSL provides a secure connection between the server and the user's browser or any other device using an SSL connection. Typically, an SSL certificate is used to secure credit card transactions, personal data transfer, and user logins, and it has recently become the norm for protecting browsing on almost any website.

Curl syntax to ignore certificate validation

The general form of the Curl command to ignore an SSL certificate is as follows:

Curl Syntax to disable certificate checks
curl -k [URL]
curl --insecure [URL]

Curl SSL Certificate Checks

By default, every SSL connection that Curl creates is checked for security. Every connection is verified by checking that the server certificate is signed by a trusted authority, contains the correct domain name, and has not expired. The Curl Trusted Root Certificate Store comes with a Curl installation and includes a list of CAs, which is used to validate server certificates. The -k command-line option allows Curl to continue working on unsecured connections that are otherwise considered insecure and blocked. Use the -k and --insecure options for testing and development purposes only.

How to ignore SSL certificate errors using Curl?

To bypass SSL certificate validation for local and test servers, you can pass the -k or --insecure option to the Curl command. This option explicitly tells Curl to perform "insecure" SSL connections and file transfers. Curl will ignore any security warnings about an invalid SSL certificate and accept it as valid. Your data will continue to be transmitted over an SSL-encrypted channel.

Curl example to ignore certificate checks

The following is a Curl example of making an insecure request to the host expired.badssl.com with the option to ignore SSL certificate errors using the -k or --insecure command-line parameter.

Curl Example to Disable Certificate Checks
curl -k https://expired.badssl.com
curl --insecure https://expired.badssl.com

See also

Generate Code Snippets for Curl Ignore Certificate Checks Example

Convert your Curl Ignore Certificate Checks request to the PHP, JavaScript/AJAX, Node.js, Curl/Bash, Python, Java, C#/.NET code snippets using the ReqBin code generator.