So you were trying to get an HTML response from a website using cURL and you got an SSL certificate error:
[email protected]:~$ curl https://expired.badssl.com
curl: (60) SSL certificate problem: certificate has expired
More details here: https://curl.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.It is because the cURL by default will ensure connections using an SSL certificate and will throw an error if the website you specified is having misconfigured or expired certificate.
And this is going to be a quick tutorial on how you can ignore an SSL certificate error using cURL.
How to ignore an SSL certificate error with cURL
While ignoring the error and still wishing for connecting to the faulty site is not recommended but if you trust the website, here you have it!
You can use the --insecure option while using curl and it will ignore the broken SSL certificate:
curl --insecure https://expired.badssl.com[email protected]:~$ curl --insecure https://expired.badssl.com
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="shortcut icon" href="/icons/favicon-red.ico"/>
<link rel="apple-touch-icon" href="/icons/icon-red.png"/>
<title>expired.badssl.com</title>
<link rel="stylesheet" href="/style.css">
<style>body { background: red; }</style>
</head>
<body>
<div id="content">
<h1 style="font-size: 12vw;">
expired.<br>badssl.com
</h1>
</div>
</body>
</html>Similarly, you can also use -k option to have the same effect being the short form of --insecure option:
curl -k https://expired.badssl.com[email protected]:~$ curl -k https://expired.badssl.com
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="shortcut icon" href="/icons/favicon-red.ico"/>
<link rel="apple-touch-icon" href="/icons/icon-red.png"/>
<title>expired.badssl.com</title>
<link rel="stylesheet" href="/style.css">
<style>body { background: red; }</style>
</head>
<body>
<div id="content">
<h1 style="font-size: 12vw;">
expired.<br>badssl.com
</h1>
</div>
</body>
</html>Apply the --insecure option to every SSL connection
You can append insecure to the curl-config file using the given command:
echo "insecure" >> ~/.curlrcAnd now, you can get HTML response with curl without using the --insecure option:
[email protected]:~$ curl https://expired.badssl.com
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="shortcut icon" href="/icons/favicon-red.ico"/>
<link rel="apple-touch-icon" href="/icons/icon-red.png"/>
<title>expired.badssl.com</title>
<link rel="stylesheet" href="/style.css">
<style>body { background: red; }</style>
</head>
<body>
<div id="content">
<h1 style="font-size: 12vw;">
expired.<br>badssl.com
</h1>
</div>
</body>
</html>Wrapping Up
This was my take on how you can ignore an SSL certificate while using curl. I hope this solves the issue.
And if not, make sure to leave a comment and I will try my best to come up with a solution.
Join the conversation