Curl игнорировать ssl ошибку

На чтение 3 мин Опубликовано 12.02.2020

Я хотел бы использовать команду curl, чтобы игнорировать предупреждение о сертификатах SSL.

Ведь мы можем получить ошибку подобную этой:

curl: (60) Peer's Certificate issuer is not recognized.
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.

Есть ли в команде curl опция –no-check-certificate ,как например, у команды wget в Linux или Unix-подобной системе?

Вам нужно просто передать параметр -k или –insecure команде curl.

Эта опция явно позволяет curl выполнять «небезопасные» SSL-соединения и передачи данных.

Все SSL-соединения пытаются сделать безопасную передачу данных с помощью пакета сертификатов CA, установленного по умолчанию.

Содержание

  1. Есть ли у curl опция -no-check-certificate, как например, у команд wget на Linux?
  2. cURL | Как игнорировать предупреждения сертификата SSL
  3. Как применить изменения для всех HTTPS-соединений
  4. Как установть доверенный CA  для curl

Есть ли у curl опция -no-check-certificate, как например, у команд wget на Linux?

Следующий синтаксис позволяет команде curl работать с «небезопасными» или «недоверенными» сертификатами SSL:

curl -k url
curl --insecure url
curl --insecure [options] url
curl --insecure -I url

cURL | Как игнорировать предупреждения сертификата SSL

В этом примере отключена проверка сертификата для команды curl:

curl --insecure -I https://202.54.1.2/

или

curl -k -O https://202.54.1.2/file.tar.gz

Без опции -k или –insecure вы получите сообщение об ошибке следующего содержания:

curl: (60) SSL certificate problem: Invalid certificate chain
More details here: https://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.

Вот один полезный пример, где вы сможете получить файл или просмотреть информацию заголовка с удаленного хоста без использования имени домена SNI с поддержкой SSL:

curl -O --insecure --header 'Host: www.example.com' -I https://207.5.1.10/file.html
### или ###
curl -k --header 'Host: www.example.com' -I https://207.5.1.10/file.html

Как применить изменения для всех HTTPS-соединений

Вы можете добавить опцию insecure в ваш файл $HOME/.curlrc:

$ vi $HOME/.curlrc

Сохраните и закройте файл.

Однако я не рекомендую отключать проверки SSL для всех соединений по умолчанию из соображений безопасности.

Как установть доверенный CA  для curl

Можно попробовать следующую команду для самоподписанных сертификатов SSL / TLS:

curl --cacert /pth/to/my/ca.pem https://url
curl --header 'Host: www.cyberciti.biz' --cacert /pth/to/my/ca.pem https://207.5.1.10/nixcraft.tar.gz

Пожалуйста, не спамьте и никого не оскорбляйте.

Это поле для комментариев, а не спамбокс.

Рекламные ссылки не индексируются!

Источник

Hello i want to use an API for a website but there an error with my curl command.

I want to disable SSL certificate verification.

curl: (60) SSL certificate problem: self signed certificate in certificate chain
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

Zach Smith's user avatar

Zach Smith

8,34813 gold badges58 silver badges130 bronze badges

asked Feb 27, 2018 at 15:41

Micky 's user avatar

2

Simply add the -k switch somewhere before the url.

Disclaimer: Use this at your own risk.

man curl | less +/--insecure

-k, —insecure
(TLS) By default, every SSL connection curl makes is verified to be secure. This option allows curl to proceed and operate
even for server connections otherwise considered insecure.

The server connection is verified by making sure the server’s certificate contains the right name and verifies successfully
using the cert store.

See this online resource for further details:
https://curl.haxx.se/docs/sslcerts.html

See also —proxy-insecure and —cacert

Community's user avatar

answered Feb 27, 2018 at 15:46

Gilles Quénot's user avatar

Gilles QuénotGilles Quénot

172k40 gold badges224 silver badges222 bronze badges

4

Источник

Introduction

If you need to make curl ignore certificate errors, make sure you know the consequences of insecure SSL connections and transfers.

You should only practice skipping certificate checks for development purposes.

In this tutorial, you learn how to make curl ignore certificate errors.

How to make curl ignore certificate errors.

The basic syntax for ignoring certificate errors with the curl command is:

curl --insecure [URL]

Alternatively, you can use:

curl -k [URL]
cURL insecure command.

A website is insecure if it has an expired, misconfigured, or no SSL certificate ensuring a safe connection. When you try to use curl to connect to such a website, the output responds with an error.

Note: The --insecure (-k) options is similar to the wget --no-check-certificate command used to avoid certificate authorities checking for a server certificate. To see how wget skips certificate checks, refer to the guide How To Use Wget Command With Examples.

For instance, if you run the command:

curl myawesomewebsite.com

The output should display the content of the URL. However, since this website has an invalid SSL certificate, it shows an error as in the example below.

curl: (60) SSL: no alternative certificate subject name matches target host name 'unixtutorial.test'

This means “peer certificate cannot be authenticated with known CA certificates.”

To bypass this constraint, you can use the --insecure (or -k) option allowing insecure server connections when using SSL. Therefore, you would run:

curl -k myawesomewebsite.com

Conclusion

After reading this article, you should know how to make curl ignore certificate errors. Although this is done simply by adding the -k option, do not instruct curl to ignore SSL errors unless required for development purposes.

Don’t miss out on our other curl guides such as how to set or change user agent with curl and how to send a delete request with curl.

Источник

cURL, by default, will ensure each SSL connection is secure by verifying the server’s SSL certificate. You’ll get SSL error when running cURL against https-based websites with SSL certificates that are either misconfigured, expired, or self-signed. 

$ curl https://www.example.com/
curl: (51) Unable to communicate securely with peer: requested domain name does not match the server's certificate.

curl: (60) SSL: no alternative certificate subject name matches target host name 'www.example.com'
More details here: https://curl.haxx.se/docs/sslcerts.html

curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

You can force cURL to ignore SSL certificate errors by using the insecure option. The option will skip the SSL verification process, and you’ll be able to bypass any SSL error that a site might have while still having SSL-encrypted communication.

Ignoring SSL errors is, of course, not a secure method but is helpful if you trust the website, which may or may not be owned by you. This is equivalent to using —no-check-certificate option in wget.

Steps to disable SSL certificate verification in cURL:

  1. Run curl against website with SSL error. 

    $ curl https://www.example.com/
curl: (51) Unable to communicate securely with peer: requested domain name does not match the server's certificate.

  2. Use insecure option for curl to ignore SSL certificate error. 

    $ curl --insecure https://www.example.com/
<html>
<head>
<meta HTTP-EQUIV="REFRESH" content="0; url=/newpage.php">
</head>
</html>
    -k, --insecure
       (TLS) By default, every SSL connection curl makes is verified to be secure. This option allows curl to proceed and operate even for server connections otherwise considered insecure.

       The server connection is verified by making sure the server's certificate contains the right name and verifies successfully using the cert store.

       See this online resource for further details:
        https://curl.haxx.se/docs/sslcerts.html

       See also --proxy-insecure and --cacert.

  3. Use shortform insecure option for curl. 

    $ curl -k https://www.example.com/
<html>
<head>
<meta HTTP-EQUIV="REFRESH" content="0; url=/newpage.php">
</head>
</html>

  4. Add insecure to curl config file to apply the option to every SSL connection. 

    $ echo "insecure" >> ~/.curlrc

    Only use this method in development setting or wherever security is not critical.

  5. Test against problematic https website again without specifying insecure option. 

    $ curl https://www.example.com/
<html>
<head>
<meta HTTP-EQUIV="REFRESH" content="0; url=/newpage.php">
</head>
</html>

Discuss the article:

Comment anonymously. Login not required.

Источник

I am developing and I need to access https://localhost. I know the certificate will not match. I just want curl to ignore that. Currently it gives me the following error message:

curl: (51) SSL peer certificate or SSH remote key was not OK

Is it possible to tell curl to perform the access anyway?

asked Jan 16, 2013 at 23:09

blueFast's user avatar

1

Yeah, you can do that. From curl --help or man curl:

-k, --insecure

(SSL) This option explicitly allows curl to perform «insecure» SSL
connections and transfers. All SSL connections are attempted to be
made secure by using the CA certificate bundle installed by default.
This makes all connections considered «insecure» fail unless -k,
—insecure is used.

See this online resource for further details:
http://curl.haxx.se/docs/sslcerts.html

user524351's user avatar

answered Jan 16, 2013 at 23:11

Mathias R. Jessen's user avatar

7

curl -k or curl --insecure does NOT fix this particular error condition:

curl: (51) SSL peer certificate

Matthias's user avatar

answered Jun 28, 2014 at 21:04

user228425's user avatar

user228425user228425

2112 silver badges2 bronze badges

1

If you truly want to disable curl SSL verification, by default, for ALL use cases, you can do as suggested in this Unix stack exchange answer:

$ echo insecure >> ~/.curlrc

Now should you do this? No, as this is avoiding security checks you should have in place… but if you really really want to do this, caveat emptor!

answered Jul 22, 2020 at 20:15

Brad Parks's user avatar

Brad ParksBrad Parks

71313 silver badges20 bronze badges

Источник

  • Cureit код ошибки 1746
  • Cups ошибка добавления принтера
  • Cups внутренняя ошибка сервера
  • Cups waiting for job completed ошибка linux
  • Cuphead ошибка при запуске