How to ignore SSL certificate error in cURL

cURL, by default, will ensure each SSL connection is secure by verifying the server's SSL certificate. You'll get SSL error when running cURL against https-based websites with SSL certificates that are either misconfigured, expired, or self-signed.

$ curl https://www.example.com/
curl: (51) Unable to communicate securely with peer: requested domain name does not match the server's certificate.

curl: (60) SSL: no alternative certificate subject name matches target host name 'www.example.com'
More details here: https://curl.haxx.se/docs/sslcerts.html

curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

You can force cURL to ignore SSL certificate errors by using the insecure option. The option will skip the SSL verification process, and you'll be able to bypass any SSL error that a site might have while still having SSL-encrypted communication.

Ignoring SSL errors is, of course, not a secure method but is helpful if you trust the website, which may or may not be owned by you. This is equivalent to using --no-check-certificate option in wget.

Steps to disable SSL certificate verification in cURL:

Run curl against website with SSL error.

$ curl https://www.example.com/
curl: (51) Unable to communicate securely with peer: requested domain name does not match the server's certificate.

Use insecure option for curl to ignore SSL certificate error.

$ curl --insecure https://www.example.com/
<html>
<head>
<meta HTTP-EQUIV="REFRESH" content="0; url=/newpage.php">
</head>
</html>

-k, --insecure
       (TLS) By default, every SSL connection curl makes is verified to be secure. This option allows curl to proceed and operate even for server connections otherwise considered insecure.

       The server connection is verified by making sure the server's certificate contains the right name and verifies successfully using the cert store.

       See this online resource for further details:
        https://curl.haxx.se/docs/sslcerts.html

       See also --proxy-insecure and --cacert.

Use shortform insecure option for curl.

$ curl -k https://www.example.com/
<html>
<head>
<meta HTTP-EQUIV="REFRESH" content="0; url=/newpage.php">
</head>
</html>

Add insecure to curl config file to apply the option to every SSL connection.
```
$ echo "insecure" >> ~/.curlrc
```
Only use this method in development setting or wherever security is not critical.

Test against problematic https website again without specifying insecure option.

$ curl https://www.example.com/
<html>
<head>
<meta HTTP-EQUIV="REFRESH" content="0; url=/newpage.php">
</head>
</html>

Author: Mohd Shakir Zakaria
Mohd Shakir Zakaria is a cloud architect by trade but always retains sight of his true passions: development, entrepreneurship, and open-source advocacy. As the founder of Simplified Guide, he combines these interests to help others easily navigate the world of computing.

Discuss the article:

Comment anonymously. Login not required.