ignore certificate errors in curl

How to Ignore SSL Certificate Errors in cURL

cURL is a popular tool to download files and data from URLs. It also works with HTTPS/SSL/TLS URLs but requires a valid SSL/TLS certificate to be present in the destination server. Otherwise, it will give a certificate error. Also, by default, cURL and other file download tools show error if the URL has self-signed certificates installed. By default, cURL will validate all SSL connections using the CA certificate bundle installed on the URL’s server. But sometimes you may need to ignore ssl certificate errors in cURL and download the insecure URL anyway. In such cases, you can follow the steps mentioned in this article.


How to Ignore SSL Certificate Errors in cURL

Let us say you want to download file data.tar.gz from www.example.com which has an invalid SSL certificate. Here is the typical cURL command for doing that.

$ curl -O https://www.example.com/data.tar.gz

In such cases, you will see the following warning about invalid SSL certificates.

curl: (60) SSL certificate problem: Invalid certificate chain
More details here: https://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.

To turn off the above warnings and error messages, you can use the -k or –insecure option.

curl -k url
curl --insecure url
curl --insecure [options] url
curl --insecure -I url

For example, you can modify the earlier cURL command as shown below to ignore SSL certificate errors.

$ curl -O -k https://www.example.com/data.tar.gz
OR
$ curl -O --insecure https://www.example.com/data.tar.gz

If you only want to view the header of the URL, still you need to use -k or –insecure option along with –header option to display header information.

$ curl -O -k --header https://www.example.com/data.tar.gz
OR
$ curl -O --insecure --header https://www.example.com/data.tar.gz

The above command works for only the specified URL but if you want to ignore all SSL error/warning for all URLs, you need to make changes to cURL’s configuration file. Open it in a text editor using the command below.

$ vi $HOME/.curlrc

Add the following directive to this file.

insecure

Save and close the file to apply changes. Sometimes you may need to start the new sessions for changes to be applied. However, it is not advisable to disable SSL checks for all URLs.

Although we have outlined how to ignore SSL certificate errors in cURL, we strongly recommend against using insecure URLs. Almost every website uses valid SSL certificates. It allows client to verify that it is indeed communicating with the proper server. If you ignore SSL certificate errors, it is possible for malicious hacker to use a man-in-the-middle attack, intercept your connection to server midway and pose as your required website, thereby sending the wrong file to you. So please don’t download files and data with invalid, expired or self-signed certificates.

Also read:

How to Get Creation Date for File & Directories
How to Delete Iptables Rules
How to Use Rsync with SSH Key
How to Run Python Scripts Sequentially
How to Download Attachment from GMail Using Shell Script

Leave a Reply

Your email address will not be published. Required fields are marked *