How to ignore invalid and self signed ssl connection errors …
I wanted to curl command to ignore SSL certification warning. Does curl command have a –no-check-certificate option like wget command on Linux or Unix-like system?
You need to pass the -k or –insecure option to the curl command. This option explicitly allows curl to perform “insecure” SSL connections and transfers. All SSL connections are attempted to be made secure by using the CA certificate bundle installed by default. Let us see how to make curl ignore SSL/TLS certificate errors under Linux or Unix-like systems.
Difficulty level Easy Root privileges No Requirements curl on Linux/Unix Est. reading time 2 minutes
Does curl have a –no-check-certificate option like wget command on Linux?
The syntax is as follows that allows curl command to work with “insecure” or “invalid” SSL certificates without certicates:
curl -k url
curl –insecure url
curl –insecure [options] url
curl –insecure -I url
cURL ignore SSL certificate warnings command
In this example disable certificate verification for curl command:
curl –insecure -I OR
curl -k -O Without the -k or –insecure option, you will get an error message that read as follows:
curl: (60) SSL certificate problem: Invalid certificate chain
More details here:
curl performs SSL certificate verification by default, using a “bundle”
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn’t adequate, you can specify an alternate file
using the –cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you’d like to turn off curl’s verification of the certificate, use
the -k (or –insecure) option.
Here is one useful example where you want to grab a file or see header info from remote host without using SSL enabled SNI domain name:
curl -O –insecure –header ‘Host: ‘ -I ### OR ###
curl -k –header ‘Host: ‘ -I
Fig. 01: Ignoring certificate warnings and saving the page or getting header info using curl command
How to apply the changes for all HTTPS connection
You can add insecure option to your $HOME/ file:
$ vi $HOME/
Append the following:
Patreon supporters only guides
Save and close the file. However, I do not recommend disabling SSL checks for all connections by default for security reasons.
How to specify CA to your trusted CA bundle for curl on the cli
One can try the following command for a self signed SSL/TLS certificates:
curl –cacert /pth/to/my/ url
curl –header ‘Host: ‘ –cacert /pth/to/my/ Summing up
Now you know how to make the curl command ignore SSL/TLS certificate errors bypassing the -k option. Please note that it is not good security practice to ignore SSL/TLS all time. Only do this if you are 100% sure about it. For instance, you can ignore it when you have installed a self-signed TLS/SSL certificate for your web apps or the web-based management console.
CategoryList of Unix and Linux commandsDocumentationhelp • mandb • man • pinfoDisk space analyzersdf • duf • ncdu • pydfFile Managementcat • cp • less • mkdir • more • treeFirewallAlpine Awall • CentOS 8 • OpenSUSE • RHEL 8 • Ubuntu 16. 04 • Ubuntu 18. 04 • Ubuntu 20. 04Linux Desktop AppsSkype • Spotify • VLC 3Modern utilitiesbat • exaNetwork UtilitiesNetHogs • dig • host • ip • nmapOpenVPNCentOS 7 • CentOS 8 • Debian 10 • Debian 8/9 • Ubuntu 18. 04Package Managerapk • aptProcesses Managementbg • chroot • cron • disown • fg • glances • gtop • jobs • killall • kill • pidof • pstree • pwdx • time • vtopSearchingag • grep • whereis • whichShell builtinscompgen • echo • printfText processingcut • revUser Informationgroups • id • lastcomm • last • lid/libuser-lid • logname • members • users • whoami • who • wWireGuard VPNAlpine • CentOS 8 • Debian 10 • Firewall • Ubuntu 20. 04
How to ignore SSL certificate errors when using Curl? – ReqBin
How to ignore SSL certificate errors when using Curl? REQBIN To ignore invalid and self-signed certificate checks on Curl, use the -k or –insecure command-line option. This option allows Curl to perform “insecure” SSL connections and skip SSL certificate checks while you still have SSL encrypted communications. If you make an HTTPS request to a resource with an invalid or expired SSL certificate without the -k or –insecure option, you will receive a curl: (60) SSL certificate: invalid certificate chain: error message. You can use to test Curl commands on insecure hosts with the option to ignore certificate checks.
How to ignore SSL error in cURL – Simplified Guide
cURL by default will ensure each SSL connection to be secure by verifying the server’s SSL certificate. You’ll get SSL error when running cURL against -based websites with SSL certificates that are either misconfigured, expired, or self-signed.
$ curl curl: (51) Unable to communicate securely with peer: requested domain name does not match the server’s certificate.
curl: (60) SSL: no alternative certificate subject name matches target host name ”
More details here:
curl: (60) SSL certificate problem: unable to get local issuer certificate
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
You can force cURL to ignore SSL certificate errors by using the insecure option. The option will skip the SSL verification process and you’ll be able to bypass any SSL error that a site might have while still having SSL-encrypted communication.
Ignoring SSL errors is, of course, not really a secure method but is useful if you trust the website, which may or may not be owned by you. This is equivalent to using –no-check-certificate option in wget.
Steps to disable SSL certificate verification in cURL:
Run curl against website with SSL error. $ curl curl: (51) Unable to communicate securely with peer: requested domain name does not match the server’s certificate.
Use insecure option for curl to ignore SSL certificate error. $ curl –insecure
(TLS) By default, every SSL connection curl makes is verified to be secure. This option allows curl to proceed and operate even for server connections otherwise considered insecure.
The server connection is verified by making sure the server’s certificate contains the right name and verifies successfully using the cert store.
See this online resource for further details:
See also –proxy-insecure and –cacert.
Use shortform insecure option for curl. $ curl -k
Add insecure to curl config file to apply the option to every SSL connection. $ echo “insecure” >> ~/
Only use this method in development setting or wherever security is not critical.
Test against problematic website again without specifying insecure option. $ curl
Discuss the article: Comment anonymously. Login not required.
Frequently Asked Questions about curl ssl certificate ignore
How do I ignore SSL certificate in curl?
To ignore invalid and self-signed certificate checks on Curl, use the -k or –insecure command-line option. This option allows Curl to perform “insecure” SSL connections and skip SSL certificate checks while you still have SSL encrypted communications.Jul 9, 2021
Does curl check SSL certificate?
curl performs SSL certificate verification by default, using a “bundle” of Certificate Authority (CA) public keys (CA certs). The default bundle is named curl-ca-bundle. crt; you can specify an alternate file using the –cacert option.
How do you skip SSL certificate verification?
If you’d like to turn off curl’s verification of the certificate, use the -k (or –insecure) option.Jun 30, 2021