Menu
How to allow insecure HTTPS connections using Curl? To bypass certificate validation, pass the -k or --insecure flag to Curl. This will tell Curl to ignore certificate errors and accept insecure certificates without complaining about them.
To make a GET request using Curl, run the curl command followed by the target URL. Curl automatically selects the HTTP GET request method unless you use the -X, --request, or -d command-line option.
Addition to previous answer make sure that your curl installation supports https. You can use curl --version to get information about supported protocols. If your curl supports https follow the previous answer. If it does not support https, you need to install a cURL version that supports https.
I had the same problem - I was fetching a page from my own site, which was served over HTTPS, but curl was giving the same "SSL certificate problem" message. I worked around it by adding a -k flag to the call to allow insecure connections.
curl -k https://whatever.com/script.php
Edit: I discovered the root of the problem. I was using an SSL certificate (from StartSSL, but I don't think that matters much) and hadn't set up the intermediate certificate properly. If you're having the same problem as user1270392 above, it's probably a good idea to test your SSL cert and fix any issues with it before resorting to the curl -k fix.
That's my everyday script:
curl --insecure -v https://www.google.com 2>&1 | awk 'BEGIN { cert=0 } /^\* Server certificate:/ { cert=1 } /^\*/ { if (cert) print }'
Output:
* Server certificate:
* subject: C=US; ST=California; L=Mountain View; O=Google Inc; CN=www.google.com
* start date: 2016-01-07 11:34:33 GMT
* expire date: 2016-04-06 00:00:00 GMT
* issuer: C=US; O=Google Inc; CN=Google Internet Authority G2
* SSL certificate verify ok.
* Server GFE/2.0 is not blacklisted
* Connection #0 to host www.google.com left intact
You need to provide the entire certificate chain to curl, since curl no longer ships with any CA certs. Since the cacert option can only use one file, you need to concat the full chain info into 1 file
Copy the certificate chain (from your browser, for example) into DER encoded binary x.509(.cer). Do this for each cert.
Convert the certs into PEM, and concat them into 1 file.
openssl x509 -inform DES -in file1.cer -out file1.pem -text
openssl x509 -inform DES -in file2.cer -out file2.pem -text
openssl x509 -inform DES -in file3.cer -out file3.pem -text
cat *.pem > certRepo
curl --cacert certRepo -u user:passwd -X GET -H 'Content-Type: application/json' "https//somesecureserver.com/rest/field"
I wrote a blog on how to do this here: http://javamemento.blogspot.no/2015/10/using-curl-with-ssl-cert-chain.html
use --cacert to specify a .crt file.
ca-root-nss.crt for example.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With