The curl command is used to retrieve resources over protocols such as HTTP, HTTPS, FTP, LDAP and IMAP. One of its most popular use cases is the HTTPS protocol. HTTPS is the secure version of the HTTP protocol, in which the data is encrypted and the HTTPS server is identified by an SSL/TLS certificate. In this tutorial, we will learn how to use curl with the HTTPS protocol and solve problems related to HTTPS and SSL/TLS.
Install curl Command
The curl command is provided by all major Linux distributions. Use the following commands to install curl if it is not already installed.
Debian, Ubuntu, Mint, Kali:
sudo apt install curl
CentOS, RHEL, Fedora:
sudo dnf install curl
SSL/TLS Certificate Problem
When the curl command runs, the system default SSL certificates and SSL certificate configuration are used. The following error can be printed when the SSL certificate is not valid.
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
More details here: http://curl.haxx.se/docs/sslcerts.html
Allow Insecure Connection
By default, when the HTTPS protocol is used, curl checks whether the remote web server's SSL/TLS certificate is valid. If the certificate cannot be verified, for example because it is self-signed, the connection is closed. The --insecure option disables the HTTPS certificate check, so curl accepts any HTTPS certificate, including ones that are not signed or not valid.
curl --insecure https://www.wikipedia.org
Alternatively, the -k option can be used, which is the short form of --insecure.
curl -k https://www.wikipedia.org
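Because --insecure and -k turn the certificate check off, it is useful to know where existing scripts rely on them. The following is an added example, not part of the original tutorial: it scans a shell script for curl calls that use --insecure or -k, including -k inside a short-option cluster such as -sSk. The function names, the list of no-argument short options and the sample script are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report curl invocations that disable TLS certificate verification.
# Line-based heuristic: it does not parse shell quoting or line continuations.

# Short options that take no argument, so they can precede k in a cluster
# such as -sSk (assumed subset of curl's boolean short options).
BOOL_FLAGS='sSLfviIOgGjJlnNqRaBpZ0-9'

# find_insecure_curl FILE: print "LINENO:LINE" for each offending line.
find_insecure_curl() {
    grep -nE '(^|[^[:alnum:]_-])curl([[:space:]]|$)' "$1" |
        grep -vE '^[0-9]+:[[:space:]]*#' |
        grep -E "[[:space:]](--insecure([[:space:]=]|\$)|-[${BOOL_FLAGS}]*k)" || true
}

# count_insecure_curl FILE: print how many lines were reported.
count_insecure_curl() {
    find_insecure_curl "$1" | wc -l | tr -d ' '
}

# Constructed sample script (not from the page) covering the option spellings.
write_sample() {
    cat > "$1" <<'EOF'
#!/bin/sh
curl --insecure https://www.wikipedia.org
curl -k https://www.wikipedia.org
curl -sSk -o out.html https://www.wikipedia.org
# curl -k https://www.wikipedia.org   (commented out, ignored)
curl --cacert myca.cert https://www.wikipedia.org
curl --key client.key -E mycertificate.cert https://www.wikipedia.org
curl -o k.html https://www.wikipedia.org
/usr/bin/curl -fsSL --insecure https://www.wikipedia.org
EOF
}

sample=$(mktemp)
write_sample "$sample"
find_insecure_curl "$sample"
echo "insecure curl calls: $(count_insecure_curl "$sample")"
rm -f "$sample"
```

Lines that use --cacert, --key, -E or -o k.html are not reported, because k only counts when it is parsed as a flag of its own.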
Specify SSL/TLS Certificate Manually
Another alternative is to provide the SSL/TLS certificate manually. With this method there is no Certificate Authority approval, and the provided certificate is used to communicate with the remote HTTPS web server. The -E option is used to specify the certificate file. Certificate files generally have the “*.cert” extension. In the following example, we will provide the certificate file named mycertificate.cert.
curl -E mycertificate.cert https://www.wikipedia.org
Provide Certificate Authority (CA) Certificate Manually
HTTPS uses SSL/TLS certificates that are chained together for verification. The root certificate validation authority is called the CA (Certificate Authority). We can provide the CA certificate manually, in which case the remote HTTPS server certificate is validated against the provided CA certificate. The --cacert option is used to provide the CA certificate manually. In the following example, we will provide a CA certificate named myca.cert.
curl --cacert myca.cert https://www.wikipedia.org