Curl: disable certificate verification

Question

I am developing and I need to access https://localhost. I know the certificate will not match. I just want curl to ignore that. Currently it gives me the following error message:

curl: (51) SSL peer certificate or SSH remote key was not OK

Is it possible to tell curl to perform the access anyway?

Dup of http://unix.stackexchange.com/questions/60750/does-curl-have-a-no-check-certificate-option-like-wget — Andre Miras, Aug 14 '15 at 14:44

score 102 · Accepted Answer · edited Jun 01 '20 at 12:16

102

Yeah, you can do that. From curl --help or man curl:

-k, --insecure

(SSL) This option explicitly allows curl to perform "insecure" SSL connections and transfers. All SSL connections are attempted to be made secure by using the CA certificate bundle installed by default. This makes all connections considered "insecure" fail unless -k, --insecure is used.

See this online resource for further details: http://curl.haxx.se/docs/sslcerts.html

edited Jun 01 '20 at 12:16

user524351

123
4

answered Jan 16 '13 at 23:11

Mathias R. Jessen

24,907
4
62
95

3

right, I just found it myself. I looked for it yesterday and it was not there! :) – blueFast Jan 16 '13 at 23:12
10

Whoa! What's with the snarky reply? – Darth Egregious Jul 29 '14 at 16:21
I still see the "(51) SSL peer certificate ... was not ok" message with -k – Joao Costa Jan 12 '16 at 10:40
9

Downvoted for the snarky response. If you don't want to answer a question, just don't. – Michael Jul 06 '16 at 17:13
4

@Michael answering the question and asking people to RTFM are not mutually exclusive options (as I believe my answer to this question perfectly demonstrates). You can do both – Mathias R. Jessen Jul 06 '16 at 17:22
8

@MathiasR.Jessen you can indeed, but usually a less snarky tone is appreciated by most people – Michael Jul 06 '16 at 17:33
@MathiasR.Jessen the difference between ServerFault (Eg, the impression you give people with RTFM) and Unix.Linux. Which leaves a better impression with end user and is more likely to get them to actually start RTFM? https://unix.stackexchange.com/questions/230952/what-is-the-difference-when-using-find-between-name-and-iname – FreeSoftwareServers Dec 10 '20 at 20:24

score 20 · Answer 2 · edited Jan 13 '21 at 13:52

20

curl -k or curl --insecure does NOT fix this particular error condition:

curl: (51) SSL peer certificate

edited Jan 13 '21 at 13:52

Matthias

103
4

answered Jun 28 '14 at 21:04

user228425

201
2
2

3

The SSL peer certificate error occurs when validation of the trust chain (not the actual certificate) fails. My first recommendation would be to update the CA bundle on the machine – Mathias R. Jessen Jul 30 '14 at 10:35

Brad Parks · Answer 3 · 2020-07-29T01:02:07.013

5

If you truly want to disable curl SSL verification, by default, for ALL use cases, you can do as suggested in this Unix stack exchange answer:

$ echo insecure >> ~/.curlrc

Now should you do this? No, as this is avoiding security checks you should have in place... but if you really really want to do this, caveat emptor!

edited Jul 29 '20 at 01:02

answered Jul 22 '20 at 20:15

Brad Parks

674
13
19

Curl: disable certificate verification

3 Answers3