
How to Ignore SSL Errors and Warnings in cURL

In this tutorial, we are going to learn how you can tell cURL to ignore or hide any SSL warnings and errors and proceed to perform the requested action.
Captain Salem 3 min read

Secure Sockets Layer, commonly known as SSL, is a security standard that provides mechanisms and features for establishing an encrypted connection between a client and a server. SSL operates within the Internet protocol suite, providing a security layer for protocols such as HTTP, SMTP, FTP, and more.

SSL is fundamental to much of the security and authentication on the modern web. For example, it is used to pass encrypted traffic over HTTPS. Other technologies and features where SSL plays a role include:

  • Authentication - server and client authentication using digital certificates to verify identity.
  • Active Directory - features such as secure LDAP use the SSL/TLS protocol to enhance the security of the directory service.
  • Databases - database servers support SSL/TLS for authentication and more.
  • Email Encryption - Protocols such as SMTP, POP3, and IMAP use SSL/TLS to provide secure email communication.
  • VPN - Some VPNs utilize SSH for secure tunneling to provide remote access.
  • APIs - Nearly all APIs are secured using SSL/TLS protocols to ensure secure data exchange between applications and services.

As such, if you are using cURL, you are going to encounter various issues regarding SSL. These can range from an expired SSL certificate to mismatching keys, self-signed certificate warnings, and more.

🫵
It is good to keep in mind that ignoring SSL warnings can result in a security issue.

We recommend using the ignore feature only on trusted services such as servers and APIs. Avoid sending sensitive information to such endpoints.

cURL Ignore SSL Warning

To quickly ignore the SSL certificate warning, you can add the -k or --insecure parameter to the request. The command syntax is as shown:

curl -k <url>

For example, the query below returns a warning for expired SSL certificate:

curl https://expired.badssl.com/

Output:

curl: (60) SSL certificate problem: certificate has expired
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

To resolve this, we can add the -k flag to the same request. cURL then returns the page's HTML:

<!DOCTYPE html>
<html>
<head>
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1">
  <link rel="shortcut icon" href="/icons/favicon-red.ico"/>
  <link rel="apple-touch-icon" href="/icons/icon-red.png"/>
  <title>expired.badssl.com</title>
  <link rel="stylesheet" href="/style.css">
  <style>body { background: red; }</style>
</head>
<body>
<div id="content">
  <h1 style="font-size: 12vw;">
    expired.<br>badssl.com
  </h1>
</div>

</body>
</html>

This forces cURL to ignore the certificate warning and proceed to fetch the requested resource.

cURL Ignore Insecure Proxy

In some cases, you might be making a request via a proxy. For example, let us assume you are using the Burp Suite proxy. This means the request goes from cURL to the Burp Suite proxy and then on to the target server.

However, if there is an issue with the SSL certificate of the Burp Suite proxy, cURL will issue a warning and fail to forward the request.

To ignore an SSL issue with the proxy, we can use the --proxy-insecure flag in conjunction with the -k flag as shown:

curl -k --proxy-insecure <url>

For example, suppose we have a proxy running on http://localhost:8080. We can use cURL to forward requests via the proxy as shown:

curl https://geekbits.io --proxy https://localhost:8080

NOTE: In this case, we are using https instead of http for the proxy URL. This results in an SSL error from the proxy, as shown:

curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html
...

To ignore this issue, use the command:

curl https://geekbits.io --proxy https://localhost:8080 -k --proxy-insecure

Output:

<html>
<head><script>var _ez_ab_test = 'mod1'</script>
...

cURL Global Certificate Ignore

You can also disable certificate verification on a given system. This means that cURL will not attempt to verify certificates on the configured system. This is useful when you have programmatically generated scripts that use cURL.

In such a case, you can add the insecure and proxy-insecure options to the ~/.curlrc file.

nano ~/.curlrc

Add:

insecure
proxy-insecure

Save the file.
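
To check whether a config file already carries this override, the following added example (not part of the original tutorial) scans a curl config file for the two options above. The function name audit_curlrc and the sample file contents are constructed for illustration; only the exact forms insecure, --insecure, -k, proxy-insecure and --proxy-insecure are matched.

```shell
#!/bin/sh
# Added example: report lines in a curl config file that disable
# certificate verification. audit_curlrc is a hypothetical helper name.

audit_curlrc() {
    # $1: path to a curl config file (for example ~/.curlrc)
    # Prints "<line-number>:<option>" for each matching line.
    # Returns 0 if at least one override is found, 1 otherwise.
    [ -r "$1" ] || return 1
    awk '
        {
            line = $0
            sub(/^[ \t]+/, "", line)             # leading whitespace is ignored
            if (line == "" || line ~ /^#/) next  # skip blank lines and comments
            opt = line
            sub(/[ \t:=].*$/, "", opt)           # name ends at space, ":" or "="
            if (opt == "-k") opt = "insecure"    # short form of --insecure
            sub(/^--/, "", opt)                  # long options may omit the dashes
            if (opt == "insecure" || opt == "proxy-insecure") {
                print NR ":" opt
                found = 1
            }
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Constructed sample config, written to a temporary file for the demo.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# defaults for build scripts
silent
insecure
user-agent = "ci-fetch/1.0"
  --proxy-insecure
# insecure   (commented out, must not be reported)
EOF

audit_curlrc "$sample"
rm -f "$sample"
```

Run it against a real file with audit_curlrc ~/.curlrc; a non-zero exit status means no override was found or the file is not readable.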

Conclusion

In this tutorial, we covered how to use cURL's options to disable and ignore certificate verification warnings and errors. This includes expired certificates, self-signed certificates, etc.
