Proxy locations

Europe

North America

South America

Asia

Africa

Oceania

See all locations

Network statusCareers

Back to blog

How to Ignore SSL Certificate With cURL

Enrika Pavlovskytė

2024-05-302 min read
Share

SSL (otherwise known as TLS) certificates are the cornerstone of internet security, allowing us to perform our daily internet operations without the fear of security breaches. However, in some instances, you may want to bypass it.

Read this blog post to learn about those situations and how to bypass TLS and SSL with curl.

What is cURL and SSL?

cURL is a command-line tool and library for transferring data with URLs. It supports various protocols, including HTTP, HTTPS, FTP, and more. The official website boasts over twenty billion installations and a wide range of uses, including television sets, medical devices, cars, programming, to name a few. You might have also noticed curl in API documentation across the web (or our documentation, for that matter).

cURL, curl, or Curl?

While these terms are often confused online, the creators reserve cURL for the whole project, which encompasses the command-line tool (curl) and library (libcurl). However, Curl (emphasis on the capital C) is a programming language – an entirely different thing not associated with the cURL project. In this article, we’re referring to the command-line tool, hence curl.

SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) are protocols for securing communication over a computer network. You might already see the connection here. If curl is used to transfer data, it’s SSL that secures this transfer. Indeed, curl performs SSL certificate validation by default. 

Why would you want to disable SSL?

SSL protection is essential for internet security. You want for it to be there, protecting you from potential internet hazards. However, there still are valid reasons why developers might want to bypass SSL/TLS certificate verification:

  • Development and testing: During the development phase, developers might use self-signed certificates or work in environments where SSL certificates are not yet configured.

  • Debugging: Bypassing SSL can be useful for troubleshooting connection issues or diagnosing problems related to SSL certificates.

  • Legacy Systems: Some older systems or APIs might use outdated SSL certificates, necessitating temporary workarounds.

Security implications

Despite the fact that it’s done for testing and development purposes, there are security risks involved in ignoring SSL certificates. These can include man-in-the-middle attacks, data breaches, or losing user trust. To avoid the consequences of invalid certificates, ensure that you ignore SSL verification in production environments only and as a temporary measure. 

How to ignore SSL errors with curl?

If you send a curl GET request to a website with invalid SSL certificates, you should receive the following error message:

curl https://expired.badssl.com/

curl: (60) SSL certificate problem: certificate has expired
More details here: https://curl.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

The simplest way to ignore SSL certificate errors is by passing –k curl command:

curl -k https://expired.badssl.com/

Or  – –insecure:

curl --insecure https://expired.badssl.com/

This method will allow you to bypass SSL verification and make an “insecure” connection.

Ignoring SSL in the script

But what if you want to ignore SSL system-wide? For instance, if you're using curl with Python. You obviously would not want to go through all the instances where requests are passed. There are some alternative methods.

Creating a curl configuration file ~/.curlrc  and adding insecure to it will do the trick. This will disable SSL verification system-wise until you want to turn it back on.

Conclusion

In this guide, we've explored the relationship between cURL and SSL/TLS, discussed scenarios when ignoring SSL certificates is beneficial, and highlighted the security implications of doing so. By following the steps outlined, you can bypass SSL certificate verification in curl, but with great caution.

If you'd like to learn more about curl or SSL, read the following blog posts on what an SSL proxy, curl POST requests, or curl headers are. You can also check our cURL converter solution, an easy-to-use tool for transforming cURL commands into your preferred programming languages.

People also ask

Can I use curl with proxies?

Yes, you can. We recommend checking out our blog post on using curl with proxies to learn how to do that.

About the author

Enrika Pavlovskytė

Copywriter

Enrika Pavlovskytė is a Copywriter at Oxylabs. With a background in digital heritage research, she became increasingly fascinated with innovative technologies and started transitioning into the tech world. On her days off, you might find her camping in the wilderness and, perhaps, trying to befriend a fox! Even so, she would never pass up a chance to binge-watch old horror movies on the couch.

All information on Oxylabs Blog is provided on an "as is" basis and for informational purposes only. We make no representation and disclaim all liability with respect to your use of any information contained on Oxylabs Blog or any third-party websites that may be linked therein. Before engaging in scraping activities of any kind you should consult your legal advisors and carefully read the particular website's terms of service or receive a scraping license.

Related articles

Get the latest news from data gathering world

I'm interested