Curl is a tool that allows data transfer between servers using SSL certificates for secure communication. SSL certificate errors may occur while using curl, and it may be necessary to ignore these errors if the website is known to be authentic and the errors are only warnings. It’s important to note that ignoring fatal SSL errors could compromise your data transfer security.
This write-up will elaborate on the methods to ignore or hide the curl SSL certificate errors using the following timeline:
- What are the Reasons for SSL Certificate Errors?
- How to Ignore Curl SSL Certificate Errors?
Let’s discuss the reason for SSL certificate errors first.
What are the Reasons for SSL Certificate Errors?
Several SSL certificate errors can be encountered while working with SSH in Linux, mostly, these errors are just warnings, but in some cases, these errors can be fatal. For instance, the curl command with the URL below shows the error “SSL certificate problem: certificate has expired”:
$ curl https://expired.badssl.com
The common reason for the curl SSL certificate errors are as follows:
- There may be browser connectivity issues.
- The SSL certificate is not correct/expired.
- The SSL certificate might have corrupt or improper data.
- The CA Certificates do not contain correct or expired SSL certificates.
- The user is trying to contact a blocked webpage, or a firewall is blocking it.
Let’s check out the methods to ignore/hide these SSL certificate errors.
How to Ignore Curl SSL Certificate Errors?
There are multiple ways to ignore the curl SSL certificate errors. In contrast, the most common way to ignore SSL certificates errors can be seen using the curl command manual:
$ man curl
The official manual of the curl command shows that two options, “-k” and “–insecure”, can be used with the curl command to ignore the SSL certificate errors. So, the basic syntax of the curl commands that will ignore the SSL certificate errors are given below:
$ curl -k [url] $ curl --insecure [url]
Solution 1: Ignore Curl SSL Certificate Errors for a Specific URL
We can ignore the SSL certificate for a specific URL by utilizing the curl command “k” and “–insecure” options. Let’s use it to ignore the errors for a specific URL as shown below:
$ curl -k https://expired.badssl.com
The error-free output shows that it has ignored all the SSL certificate errors.
Similarly, we can use the “–ignore” option to ignore or hide the SSL certificate errors as performed below:
$ curl --insecure https://expired.badssl.com
The output ignores the SSL errors.
Ignore Curl SSL Certificate Errors Permanently (Testing Environment)
We can permanently ignore the SSL certificate errors by adding the insecure keyword to the curl command system configuration file “~/.curlrc”. To ignore the SSL certificate errors permanently, simply run the below echo command to append the “insecure” to the curlrc file:
$ echo "insecure" >> ~/.curlrc
The SSL certificate errors will be permanently ignored now.
Note: This error is preferable for testing or working environments where security is not critical. Otherwise, this method is not recommended due to ignoring all the security reasons.
Solution 2: Update the CA Certificates
The other reason for the SSL certificate error is not having the updated SSL certificate in CA Certificates. Most times, the SSL certificates are changed but are not updated to the system CA certificates which causes the SSL certificates error. This error can be removed by simply updating the CA certificates by running the following command:
$ sudo update-ca-certificates
That’s how curl ignores SSL certificate errors.
The SSL certificates provide security for online communication in Linux that can show errors in case there is a mismatch between the client and remote server’s SSL certificate. We can ignore the curl SSL certificate errors by using the “k” or “ignore” options with the curl command. Moreover, we can update the CA certificates to update the latest SSL keys that can cause SSL certificate errors.