SSL/TLS is used to encrypt and make secure HTTPS connections. While using the HTTPS web pages with the curl command you may get some SSL/TLS related warnings or errors. Experienced users generally look for –no-check-certificate option which is provided for wget to skip SSL/TLS certification checks. The curl command provides the -k or –insecure options in order to prevent the SSL/TLS certificate check and skip the SSL/TLS warnings and errors.
Ignore SSL/TLS Certificate Check
By default, curl checks the SSL/TLS certificates for every HTTPS connection to make it secure. This allows for enforcing the validity of the remote HTTPS server SSL/TLS certificate. By checking the server domain name with the certificate and validating the certificate via the CA (Certificate Authority). But this may create errors and problems in some cases. The curl provides the –insecure options which can be also expressed as -k for short in order to skip the SSL/TLS certificate check and validation. Keep in mind that this makes the HTTPS connection insecure as the option name suggests. In the following eexample we will connect to the web server named “mywebserver.com” via the HTTPS protocol and ignore the SSL/TLS checks and errors with the –insecure option.
curl --insecure mywebserver.com
Alternatively the short form of the –insecure option which is -k can be used like below with the same function.
curl -k mywebserver.com
SSL/TLS certificate errors generally occur in web server HTTPS connections with IP addresses because they do not have a valid domain name or the certificate is not approved by CA. The –insecure and -k options can be used with IP addresses like below.
curl --insecure 192.168.10.10 curl -k 192.168.10.10
Ignore SSL/TLS Certificate Check In curl Configuration
The curl command also uses the persistent configuration file where generic curl configuration is stored. The configuration file is located under the current user home directory with the name “.curlrc“. The insecure configuration can be added into this configuration file where every execution of the curl command uses this configuration and does not checks the SSL/TLS certificates. First, open the configuration file like below.
Then put the following line into the configuration file.
Also the following single line command can be used to put the insecure configuration into the .curlrc configuration file.
echo insecure >> ~/.curlrc
Specify CA (Certificate Authority) Manually
The SSL/TLS certificates are a check against the CA (Certificate Authorities). CA’s are located on the internet and register certificates for domains. If a remote server SSL/TLS certificate is registered with the local CA which is not global and on the internet, we can provide this CA certificate manually with the –cacert option.
curl --cacert /var/cert/CA.cert 192.168.10.10
Specify Proxy As Insecure
Proxy is used to access a remote web server via a special system. While using the proxy the SSL/TLS check may occur. This creates SSL/TLS errors and warnings. The proxy SSLT/TLS check can be disabled with the –proxy-insecure option.
curl -x 192.168.10.1 --proxy-insecure -I mywebserver.com