Does curl have a --no-check-certificate option like wget?
Yes. From the manpage:
-k, --insecure
(TLS) By default, every SSL connection curl makes is verified to be secure. This option allows curl to proceed and operate even for server connections otherwise considered insecure.
The server connection is verified by making sure the server's certificate contains the right name and verifies successfully using the cert store.
See this online resource for further details: https://curl.haxx.se/docs/sslcerts.html
See also --proxy-insecure and --cacert.
The reference mentioned in that manpage entry describes some of the specific behaviors of -k
.
These behaviors can be observed with curl
requests to test pages from BadSSL.com
curl -X GET https://wrong.host.badssl.com/
curl: (51) SSL: no alternative certificate subject name matches target host name 'wrong.host.badssl.com'
curl -k -X GET https://wrong.host.badssl.com/
..returns HTML content...
You may use the following command to apply the changes for all connections:
$ echo insecure >> ~/.curlrc
On Windows just create _curlrc
text file with 'insecure' text in it in your %HOME%
, %CURL_HOME%
, %APPDATA%
, %USERPROFILE%
or %USERPROFILE%\Application Data
directory.
Advantage of using above solution is that it works for all curl
commands, but it is not recommended since it may introduce MITM attacks by connecting to insecure and untrusted hosts.
You are using a self-signed cert. Why don't you appended the CA to your trusted CA bundle (Linux) or add to the trusted Certificate store (windows)? Or simply use --cacert /Path/to/file
with the contents of your trusted self-signed cert file.
The other answers are answering the question based on the wget
comparable. However the true ask is how do I maintain a trusted connection with a self-signed cert using curl
. Based on many comments security is the top concern in any one of these answers, and the best answer would be to trust the self-signed cert and leave curl
s security checks intact.