Making SSL connections with Curl

Curl has built-in support for Secure Sockets Layer (SSL) connections (the more secure successor to SSL is called TLS). When you make a Curl request for an HTTPS URL, Curl automatically checks the target URL's SSL certificate against the local CA certificate store and warns if it is invalid, self-signed, or has expired. This is great for production websites but inconvenient for development. To bypass SSL certificate checks, you can use the -k or --insecure Curl command-line options.
curl -k https://expired.badssl.com

What is Curl?

Curl (stands for Client URL) is an open-source command-line tool and a cross-platform library (libcurl) that developers use for client/server communications. Curl allows you to send data to the server by passing the target URL and the data as command-line parameters. Curl supports over 25 protocols, including HTTP and HTTPS, works on Linux, Windows, and macOS, and can be easily integrated into applications written in C++, Java, Python, PHP, Go, and other languages.

What is SSL?

SSL (stands for Secure Sockets Layer) is a network protocol for establishing secure, authenticated, and encrypted connections between two computers. SSL is the predecessor to the more modern TLS encryption method used today. Netscape first developed SSL in 1995 to provide confidentiality, authentication, and data integrity in Internet communications. A website that implements SSL/TLS support has the HTTPS prefix in the URL. SSL protects the user's privacy while browsing the Internet by encrypting all data that travels between the user's computer and the web server. SSL ensures that anyone who intercepts the data on your network sees only encrypted characters.

What is TLS?

TLS (short for Transport Layer Security), released in 1999, is the successor to SSL for authenticating and encrypting data transferred over a network. TLS is a cryptographic protocol used to provide better security for communication over the network. TLS is mainly used to encrypt communication between web and mobile applications and a web server.

What is an SSL Certificate?

SSL certificates allow browsers and servers to encrypt network traffic. The SSL certificate is hosted on the origin server and contains the public key to encrypt network traffic and identify the website. Libcurl performs SSL certificate validation right out of the box using the built-in CA certificate store.

How to ignore SSL certificate errors using Curl?

SSL certificates provide high security and data protection when used on a production website but usually get in the way when developing locally, as developers typically use self-signed SSL certificates. You can pass the -k or --insecure option to the Curl command to tell Curl not to check the SSL certificate. This option explicitly tells Curl to perform "insecure" SSL connections and file transfers. Curl will ignore all security warnings about invalid certificates and accept them as valid.

Curl syntax for disabling certificate validation
curl -k [options] [URL]
curl --insecure [options] [URL]

How to use a self-signed certificate with Curl?

To use a self-signed certificate with Curl, you need to:

  1. Download and save the self-signed certificate.
  2. Tell the Curl client about it with the --cacert [file] command-line switch. This parameter tells Curl to use the specified certificate file to verify the peer. The [file] may contain multiple CA certificates and must be in PEM format.
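
The following script is an added example, not part of the original page or the Curl project. It goes one step beyond the procedure above by comparing Curl's exit codes for the default trust store, --cacert with the right and the wrong certificate, a hostname mismatch, and -k. The port 18443, the file names server.crt and other.crt, and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example with a constructed setup: a throwaway self-signed certificate
# for "localhost" served by openssl s_server on 127.0.0.1:$PORT.
# Run the comparison with:  sh cacert-demo.sh demo   (file name is arbitrary)
PORT="${PORT:-18443}"     # assumption: this local port is free
WORK="$(mktemp -d)"
URL="https://localhost:$PORT/"

# Create a self-signed certificate/key pair named $1 with a SAN for localhost.
make_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=localhost" -addext "subjectAltName=DNS:localhost" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# Serve server.crt locally and wait until a TLS handshake succeeds.
start_server() {
  make_cert server && make_cert other || return 1
  openssl s_server -accept "127.0.0.1:$PORT" -www -quiet \
    -cert "$WORK/server.crt" -key "$WORK/server.key" >/dev/null 2>&1 &
  SERVER_PID=$!
  tries=0
  while [ "$tries" -lt 50 ]; do
    curl -ks --max-time 2 -o /dev/null "$URL" && return 0
    tries=$((tries + 1)); sleep 0.2
  done
  return 1
}

stop_server() { kill "$SERVER_PID" 2>/dev/null; rm -rf "$WORK"; }

# Print Curl's exit code for a request made with the given arguments.
curl_rc() {
  rc=0
  curl -s -o /dev/null --max-time 5 "$@" || rc=$?
  echo "$rc"
}

demo() {
  start_server || { echo "server did not start"; stop_server; return 1; }
  echo "default trust store:      $(curl_rc "$URL")"
  echo "--cacert server.crt:      $(curl_rc --cacert "$WORK/server.crt" "$URL")"
  echo "--cacert other.crt:       $(curl_rc --cacert "$WORK/other.crt" "$URL")"
  echo "--cacert, wrong hostname: $(curl_rc --cacert "$WORK/server.crt" "https://127.0.0.1:$PORT/")"
  echo "-k, wrong hostname:       $(curl_rc -k "https://127.0.0.1:$PORT/")"
  stop_server
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Exit code 60 is Curl's certificate verification failure. With --cacert the hostname in the URL must still match the certificate, whereas -k switches off both the chain check and the hostname check.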

What is the difference between --cacert and --cert options?

The --cacert [file] option tells Curl to use the specified certificate file for peer verification. The file can contain multiple CA certificates and must be in PEM format. The --cert [file] option tells Curl to use the specified client certificate file when sending a request to the server. The client certificate must be in PKCS#12 format when using Secure Transport or PEM format when using any other method.

Curl SSL Request Examples

The following are examples of sending SSL requests with Curl:

SSL connections with Curl

The following is an example of an SSL connection made with the --insecure command-line option to expired.badssl.com, a host whose certificate has expired:

SSL connections with Curl Example
curl --insecure https://expired.badssl.com

Sending Client Certificate with Curl

The client certificate is passed by Curl to the server as part of the TLS handshake, and the server validates the certificate during the handshake.

Send client certificate with Curl Example
curl --cert certificate.pem https://reqbin.com/echo

Sending SSL certificates with passwords

You can pass the certificate password in the --cert command-line option after the certificate file name, in the following format: --cert [file]:[password]

Curl SSL Certificate Passwords Example
curl https://reqbin.com/echo \
     --cert certificate.pem:mypassword

Providing Self-Signed Certificate with Curl

You can provide a self-signed certificate with the --cacert command line option:

Curl Providing Self-Signed Certificate Example
curl https://reqbin.com/echo \
     --cacert self-signed.crt
