Introduction

If you need to make curl ignore certificate errors, make sure you know the consequences of insecure SSL connections and transfers.

You should only practice skipping certificate checks for development purposes.

In this tutorial, you learn how to make curl ignore certificate errors.

How to make curl ignore certificate errors.

Make curl Ignore SSL Errors

The basic syntax for ignoring certificate errors with the curl command is:

curl --insecure [URL]

Alternatively, you can use:

curl -k [URL]

cURL insecure command.

A website is insecure if it has an expired, misconfigured, or no SSL certificate ensuring a safe connection. When you try to use curl to connect to such a website, the output responds with an error.


Note: The --insecure (-k) options is similar to the wget --no-check-certificate command used to avoid certificate authorities checking for a server certificate. To see how wget skips certificate checks, refer to the guide How To Use Wget Command With Examples.


For instance, if you run the command:

curl myawesomewebsite.com

The output should display the content of the URL. However, since this website has an invalid SSL certificate, it shows an error as in the example below.

curl: (60) SSL: no alternative certificate subject name matches target host name 'unixtutorial.test'

This means “peer certificate cannot be authenticated with known CA certificates.”

To bypass this constraint, you can use the --insecure (or -k) option allowing insecure server connections when using SSL. Therefore, you would run:

curl -k myawesomewebsite.com

Note: Do you know which type of SSL certificate is best for you? Check out this Ultimate Guide to Types of SSL Certificates.


Conclusion

After reading this article, you should know how to make curl ignore certificate errors. Although this is done simply by adding the -k option, do not instruct curl to ignore SSL errors unless required for development purposes.

Don’t miss out on our other curl guides such as How To Set Or Change User Agent With Curl.


Next you should also read