Curl is a command line tool and library which implements protocols like HTTP, HTTPS, FTP etc. Curl also supports HTTPS protocol which is secure version of the HTTP. Using curl may create some problems. We will examine how to solve these curl HTTPS related problems.
Install Curl
We will start with the installation of the curl
tool with the following command.
Ubuntu, Debian, Mint, Kali:
$ sudo apt install curl
Fedora, CentOS, RHEL:
$ sudo yum install curl
SSL/TLS Problems
Especial in self-signed or expired X.509 or SSL/TLS certificates may create problems. The error detail is printed to the terminal. As an example, we will try to access https://www.wikipedia.com and we will get an error like
curl: (51) SSL: no alternative certificate subject name matches target host name 'www.wikipedia.com'
AND we run following command.
$ curl https://www.wikipedia.com
Allow Insecure Connections
In order to prevent this error and accept an insecure certificate, we need to provide--insecure
This will accept all provided certificates without complaining about it.
$ curl --insecure https://www.wikipedia.com
Provide Site HTTPS Certificate Manually
If we do not want to use web site provided certificate and provide sites HTTPS certificate manually we can use -E
or --cert
option with the certificate file. In this example, we will use a certificate named inwk.cert
order to connect https://www.wikipedia.com.
$ curl -E wk.cert https://www.wikipedia.com
Provide a Certificate Authority Certificate Explicitly
In some cases, we may need to use another certificate chain then internet. Certificate chains provide a trust relationship between hierarchical certificates where the leaf is the site certificate we want to navigate. Certificate Authority is the top certificate which is provided by Certification Authority firms. We can provide another certificate authority like our company local certificate authority with the --cacert
option.
$ curl --cacert mycompany.cert https://www.mycompany.com