Troubleshooting SSL Certificate Issues with Curl on Windows

Published on 2024.02.13

Introduction

In this article, we will explore how to troubleshoot SSL certificate issues when using Curl on Windows. Curl is a popular command-line tool used for transferring data with various protocols, including HTTPS. However, sometimes we may encounter SSL certificate-related errors while using Curl, and this article aims to provide solutions to common problems.

1. Verify Curl Installation

Before troubleshooting SSL certificate issues, ensure that Curl is properly installed on your Windows machine. You can do this by opening a command prompt and typing curl --version. If Curl is installed, it will display the version number; otherwise, you need to install it before proceeding.

2. Check SSL Certificate Expiration

An expired SSL certificate can cause Curl to reject the connection. To check the SSL certificate expiration, you can use the OpenSSL command-line tool. Execute the following command: openssl s_client -connect example.com:443 -showcerts. Replace example.com with the domain you are testing. Look for the 'notAfter' field to determine the certificate's expiration date.

3. Update Curl-ca-bundle.crt

Curl uses a default bundle of CA certificates to verify SSL connections. Sometimes, the bundle may be outdated or missing necessary certificates. Download the latest bundle from https://curl.se/ca/cacert.pem and replace the existing curl-ca-bundle.crt file located in the same directory as Curl. This ensures that Curl can verify SSL certificates correctly.

4. Disable SSL Verification (Not Recommended)

If you are unable to resolve the SSL certificate issue, you can disable SSL verification as a temporary workaround. However, this is not recommended as it compromises the security of your connections. To disable SSL verification in Curl, use the -k or --insecure option. For example, curl -k https://example.com.

5. Specify Custom CA Certificate Bundle

In some cases, you may have a custom CA certificate bundle that is not included in Curl's default bundle. You can specify a custom bundle using the --cacert option followed by the path to the bundle file. For example, curl --cacert /path/to/custom-ca-bundle.crt https://example.com.

Conclusion

SSL certificate issues can cause challenges when using Curl on Windows. By following the troubleshooting steps outlined in this article, you can resolve common SSL certificate-related problems and ensure secure connections with Curl.