Ignore SSL Certificate Error with cURL
Getting an expired certificate error while downloading files with curl? Here's how to ignore it.
So you were trying to get an HTML response from a website using cURL and you got an SSL certificate error:
sagar@LHB:~$ curl https://expired.badssl.com
curl: (60) SSL certificate problem: certificate has expired
More details here: https://curl.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.It is because the cURL by default will ensure connections using an SSL certificate and will throw an error if the website you specified is having misconfigured or expired certificate.
And this is going to be a quick tutorial on how you can ignore an SSL certificate error using cURL.
How to ignore an SSL certificate error with cURL
While ignoring the error and still wishing for connecting to the faulty site is not recommended but if you trust the website, here you have it!
You can use the --insecure option while using curl and it will ignore the broken SSL certificate:
curl --insecure https://expired.badssl.comsagar@LHB:~$ curl --insecure https://expired.badssl.com
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="shortcut icon" href="/icons/favicon-red.ico"/>
<link rel="apple-touch-icon" href="/icons/icon-red.png"/>
<title>expired.badssl.com</title>
<link rel="stylesheet" href="/style.css">
<style>body { background: red; }</style>
</head>
<body>
<div id="content">
<h1 style="font-size: 12vw;">
expired.<br>badssl.com
</h1>
</div>
</body>
</html>Similarly, you can also use -k option to have the same effect being the short form of --insecure option:
curl -k https://expired.badssl.comsagar@LHB:~$ curl -k https://expired.badssl.com
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="shortcut icon" href="/icons/favicon-red.ico"/>
<link rel="apple-touch-icon" href="/icons/icon-red.png"/>
<title>expired.badssl.com</title>
<link rel="stylesheet" href="/style.css">
<style>body { background: red; }</style>
</head>
<body>
<div id="content">
<h1 style="font-size: 12vw;">
expired.<br>badssl.com
</h1>
</div>
</body>
</html>Apply the --insecure option to every SSL connection
You can append insecure to the curl-config file using the given command:
echo "insecure" >> ~/.curlrcAnd now, you can get HTML response with curl without using the --insecure option:
sagar@LHB:~$ curl https://expired.badssl.com
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="shortcut icon" href="/icons/favicon-red.ico"/>
<link rel="apple-touch-icon" href="/icons/icon-red.png"/>
<title>expired.badssl.com</title>
<link rel="stylesheet" href="/style.css">
<style>body { background: red; }</style>
</head>
<body>
<div id="content">
<h1 style="font-size: 12vw;">
expired.<br>badssl.com
</h1>
</div>
</body>
</html>Wrapping Up
This was my take on how you can ignore an SSL certificate while using curl. I hope this solves the issue.
And if not, make sure to leave a comment and I will try my best to come up with a solution.
A software engineer who loves to tinker with hardware till it gets crashed. While reviving my crashed system, you can find me reading literature, manga, or watering my plants.