{"id":76347,"date":"2025-07-07T16:19:47","date_gmt":"2025-07-07T15:19:47","guid":{"rendered":"https:\/\/proxidize.com\/?post_type=blog&#038;p=76347"},"modified":"2025-10-23T11:51:12","modified_gmt":"2025-10-23T10:51:12","slug":"curl-ignore-ssl","status":"publish","type":"blog","link":"https:\/\/proxidize.com\/blog\/curl-ignore-ssl\/","title":{"rendered":"How to Ignore SSL Certificate in cURL and When It\u2019s Safe To"},"content":{"rendered":"\n<p>If you ever worked with APIs or tested HTTPS endpoints using <a href=\"https:\/\/curl.se\/\" target=\"_blank\" rel=\"noopener\"><code>curl<\/code><\/a>, you\u2019ve probably run into a frustrating SSL error \u2014 especially when dealing with <a href=\"https:\/\/letsencrypt.org\/docs\/certificates-for-localhost\/\" target=\"_blank\" rel=\"noopener\">self-signed certificates<\/a> or local environments. To quickly get past it, many developers use the <code>-k<\/code> or <code>\u2014insecure<\/code> flag to \u201cignore SSL\u201d. But what exactly does this do? And is it safe?<\/p>\n\n\n\n<p>In this article, we\u2019ll explore how curl handles <a href=\"https:\/\/en.wikipedia.org\/wiki\/Transport_Layer_Security\" target=\"_blank\" rel=\"noopener\">SSL verification<\/a>, what happens when you bypass it using <code>-k<\/code>, and \u2014 most importantly \u2014 when doing so is acceptable or poses a serious security risk. Whether you&#8217;re debugging a local server or building automation scripts, understanding this tiny flag can save you time and possibly protect you from a security breach.<\/p>\n\n\n\n<div style=\"height:24px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<figure class=\"wp-block-image aligncenter size-large is-resized centered\"><img fetchpriority=\"high\" decoding=\"async\" width=\"1024\" height=\"536\" src=\"https:\/\/proxidize.com\/wp-content\/uploads\/2025\/07\/what-is-ssl-verification-in-curl-1-1024x536.jpg\" alt=\"A drawing of a computer screen with a shield on it and a piece of paper with a padlock on it under the title &quot;What is SSL Verification in cURL?&quot;.\" class=\"wp-image-78130\" srcset=\"https:\/\/proxidize.com\/wp-content\/uploads\/2025\/07\/what-is-ssl-verification-in-curl-1-1024x536.jpg 1024w, https:\/\/proxidize.com\/wp-content\/uploads\/2025\/07\/what-is-ssl-verification-in-curl-1-300x157.jpg 300w, https:\/\/proxidize.com\/wp-content\/uploads\/2025\/07\/what-is-ssl-verification-in-curl-1-768x402.jpg 768w, https:\/\/proxidize.com\/wp-content\/uploads\/2025\/07\/what-is-ssl-verification-in-curl-1-600x314.jpg 600w, https:\/\/proxidize.com\/wp-content\/uploads\/2025\/07\/what-is-ssl-verification-in-curl-1.jpg 1200w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<div style=\"height:24px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">What is SSL Verification in cURL?<\/h2>\n\n\n\n<p>When you make an HTTPS request using <code>curl<\/code>, it doesn\u2019t just connect to the server it also verifies that the server\u2019s SSL\/TLS certificate is valid and trustworthy. This process is called SSL certificate verification, and it\u2019s an important security feature built into <code>curl<\/code> by default.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Why it matters:<\/strong><\/h4>\n\n\n\n<p><a href=\"https:\/\/www.cloudflare.com\/learning\/ssl\/what-is-ssl\/\" target=\"_blank\" rel=\"noopener\">SSL (Secure Sockets Layer)<\/a>, or more accurately <a href=\"https:\/\/www.cloudflare.com\/learning\/ssl\/transport-layer-security-tls\/\" target=\"_blank\" rel=\"noopener\">TLS (Transport Layer Security)<\/a>, is what keeps your data encrypted when sent over the internet. Before <code>curl<\/code> sends any data to the server, it checks:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Is the certificate issued by a trusted <a href=\"https:\/\/en.wikipedia.org\/wiki\/Certificate_authority\" target=\"_blank\" rel=\"noopener\">Certificate Authority (CA)<\/a>?<\/li>\n\n\n\n<li>Is the certificate expired or still valid?<\/li>\n\n\n\n<li>Does the certificate match the domain name you&#8217;re connecting to?<\/li>\n<\/ul>\n\n\n\n<p>If any of these checks fail, <code>curl<\/code> will stop the request and return an error like:<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro cbp-has-line-numbers\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.75rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;--cbp-line-number-color:#e0def4;--cbp-line-number-width:calc(1 * 0.6 * .75rem);line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span role=\"button\" tabindex=\"0\" style=\"color:#e0def4;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>curl: (60) SSL certificate problem: self signed certificate<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2\"><\/path><\/svg><\/span><pre class=\"shiki rose-pine-moon\" style=\"background-color: #232136\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #e0def4\">curl: (60) SSL certificate problem: self signed certificate<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<div style=\"height:12px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>This behavior is intentional and protective; it prevents you from accidentally sending sensitive data to a potentially malicious or misconfigured server.<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro cbp-has-line-numbers\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.75rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;--cbp-line-number-color:#e0def4;--cbp-line-number-width:calc(1 * 0.6 * .75rem);line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span role=\"button\" tabindex=\"0\" style=\"color:#e0def4;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>curl https:\/\/example.com\n# If the SSL cert is invalid or untrusted, you'll see an error.<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2\"><\/path><\/svg><\/span><pre class=\"shiki rose-pine-moon\" style=\"background-color: #232136\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #EA9A97\">curl<\/span><span style=\"color: #E0DEF4\"> <\/span><span style=\"color: #F6C177\">https:\/\/example.com<\/span><\/span>\n<span class=\"line\"><span style=\"color: #908CAA; font-style: italic\">#<\/span><span style=\"color: #6E6A86; font-style: italic\"> If the SSL cert is invalid or untrusted, you&#39;ll see an error.<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<div style=\"height:12px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>So when you see an SSL error in <code>curl<\/code>, it\u2019s not a bug; it&#8217;s a warning that something might be wrong with the server\u2019s security setup.<\/p>\n\n\n\n<div style=\"height:24px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<figure class=\"wp-block-image aligncenter size-large is-resized centered\"><img decoding=\"async\" width=\"1024\" height=\"536\" src=\"https:\/\/proxidize.com\/wp-content\/uploads\/2025\/07\/how-to-ignore-ssl-in-curl-1-1024x536.jpg\" alt=\"A drawing of a shield with a warning sign on it under the title &quot;How to Ignore SSL in cURL&quot;.\" class=\"wp-image-78129\" srcset=\"https:\/\/proxidize.com\/wp-content\/uploads\/2025\/07\/how-to-ignore-ssl-in-curl-1-1024x536.jpg 1024w, https:\/\/proxidize.com\/wp-content\/uploads\/2025\/07\/how-to-ignore-ssl-in-curl-1-300x157.jpg 300w, https:\/\/proxidize.com\/wp-content\/uploads\/2025\/07\/how-to-ignore-ssl-in-curl-1-768x402.jpg 768w, https:\/\/proxidize.com\/wp-content\/uploads\/2025\/07\/how-to-ignore-ssl-in-curl-1-600x314.jpg 600w, https:\/\/proxidize.com\/wp-content\/uploads\/2025\/07\/how-to-ignore-ssl-in-curl-1.jpg 1200w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<div style=\"height:24px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">How to Ignore SSL in cURL<\/h2>\n\n\n\n<p>If you\u2019re working with a local server, a staging environment, or an internal tool using a self-signed or misconfigured certificate, <code>curl<\/code> will throw an SSL error by default. In such cases when you\u2019re sure the connection is safe you can bypass SSL certificate verification using the <code>-k<\/code> or <code>--insecure<\/code> flag and you have two options: the basic and the long version syntax.<\/p>\n\n\n\n<p>Basic syntax:<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro cbp-has-line-numbers\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.75rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;--cbp-line-number-color:#e0def4;--cbp-line-number-width:calc(1 * 0.6 * .75rem);line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span role=\"button\" tabindex=\"0\" style=\"color:#e0def4;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>curl -k https:\/\/your-url.com<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2\"><\/path><\/svg><\/span><pre class=\"shiki rose-pine-moon\" style=\"background-color: #232136\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #EA9A97\">curl<\/span><span style=\"color: #E0DEF4\"> <\/span><span style=\"color: #3E8FB0\">-k<\/span><span style=\"color: #E0DEF4\"> <\/span><span style=\"color: #F6C177\">https:\/\/your-url.com<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<div style=\"height:12px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>Long version:<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro cbp-has-line-numbers\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.75rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;--cbp-line-number-color:#e0def4;--cbp-line-number-width:calc(1 * 0.6 * .75rem);line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span role=\"button\" tabindex=\"0\" style=\"color:#e0def4;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>curl --insecure https:\/\/your-url.com<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2\"><\/path><\/svg><\/span><pre class=\"shiki rose-pine-moon\" style=\"background-color: #232136\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #EA9A97\">curl<\/span><span style=\"color: #E0DEF4\"> <\/span><span style=\"color: #3E8FB0\">--insecure<\/span><span style=\"color: #E0DEF4\"> <\/span><span style=\"color: #F6C177\">https:\/\/your-url.com<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<div style=\"height:12px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>This tells curl to skip the SSL certificate checks entirely. The request will go through, even if the certificate is invalid, expired, or self-signed.<\/p>\n\n\n\n<p>However, using <code>-k<\/code> makes your connection vulnerable to <a href=\"https:\/\/en.wikipedia.org\/wiki\/Certificate_authority\" target=\"_blank\" rel=\"noopener\">man-in-the-middle (MITM)<\/a> attacks because you&#8217;re disabling the very mechanism that ensures you&#8217;re talking to the correct server. That\u2019s why this flag should only be used in specific scenarios, namely:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>In trusted environments (like your local machine)<\/li>\n\n\n\n<li>For debugging or testing purposes<\/li>\n\n\n\n<li>With full awareness of the security implications<\/li>\n<\/ul>\n\n\n\n<p><strong>Never<\/strong> use <code>-k<\/code> in production scripts, on public networks, or with sensitive data.<\/p>\n\n\n\t\t<div data-elementor-type=\"container\" data-elementor-id=\"85913\" class=\"elementor elementor-85913\" data-elementor-post-type=\"elementor_library\">\n\t\t\t\t<div class=\"elementor-element elementor-element-2bece1e e-con-full no-scale elementor-hidden-mobile_extra elementor-hidden-mobile e-flex e-con e-child\" data-id=\"2bece1e\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;background_background&quot;:&quot;gradient&quot;}\">\n\t\t<div class=\"elementor-element elementor-element-6238a87 e-grid e-con-full e-con e-child\" data-id=\"6238a87\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t<div class=\"elementor-element elementor-element-f8e1416 e-con-full e-flex e-con e-child\" data-id=\"f8e1416\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-25ccff7 elementor-widget elementor-widget-heading\" data-id=\"25ccff7\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<p class=\"elementor-heading-title elementor-size-default\">A completely anonymous profile starts<br>\nwith the highest quality mobile proxies<\/p>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-8dff58a e-con-full e-flex e-con e-child\" data-id=\"8dff58a\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t<div class=\"elementor-element elementor-element-ffecf2a e-con-full e-flex e-con e-child\" data-id=\"ffecf2a\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-75ae4a0 elementor-widget__width-initial elementor-widget elementor-widget-image\" data-id=\"75ae4a0\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"125\" height=\"80\" src=\"https:\/\/proxidize.com\/wp-content\/uploads\/2025\/10\/20-2.svg\" class=\"attachment-full size-full wp-image-86191\" alt=\"\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-40324b9 inline-CTA elementor-widget elementor-widget-button\" data-id=\"40324b9\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-sm\" href=\"https:\/\/proxidize.com\/mobile-proxy-pricing\/?coupon_code=20OFFMPB\" target=\"_blank\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">Buy Proxies Now<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\n\n\n\n<div style=\"height:24px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<figure class=\"wp-block-image aligncenter size-large is-resized centered\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"536\" src=\"https:\/\/proxidize.com\/wp-content\/uploads\/2025\/07\/when-is-it-okay-to-ignore-ssl-1-1024x536.jpg\" alt=\"A drawing of a padlock with a forbidden sign on it under the title &quot;When is it Okay to Ignore SSL?&quot;.\" class=\"wp-image-78128\" srcset=\"https:\/\/proxidize.com\/wp-content\/uploads\/2025\/07\/when-is-it-okay-to-ignore-ssl-1-1024x536.jpg 1024w, https:\/\/proxidize.com\/wp-content\/uploads\/2025\/07\/when-is-it-okay-to-ignore-ssl-1-300x157.jpg 300w, https:\/\/proxidize.com\/wp-content\/uploads\/2025\/07\/when-is-it-okay-to-ignore-ssl-1-768x402.jpg 768w, https:\/\/proxidize.com\/wp-content\/uploads\/2025\/07\/when-is-it-okay-to-ignore-ssl-1-600x314.jpg 600w, https:\/\/proxidize.com\/wp-content\/uploads\/2025\/07\/when-is-it-okay-to-ignore-ssl-1.jpg 1200w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<div style=\"height:24px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">When is it Okay to Ignore SSL?<\/h2>\n\n\n\n<p>While skipping SSL verification with <code>curl<\/code> <code>-k<\/code> is generally discouraged, there are a few limited, controlled scenarios where it\u2019s acceptable, even practical to use it. The key is understanding the context and risks. Safe use cases include:<\/p>\n\n\n\n<p><strong>Local Development<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>You&#8217;re working on <code>localhost<\/code> with a self-signed certificate.<\/li>\n\n\n\n<li>The SSL cert isn\u2019t from a trusted Certificate Authority (CA), but you trust it because you generated it yourself.<\/li>\n<\/ul>\n\n\n\n<p><strong>Testing\/Staging Environments<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Temporary systems where security isn\u2019t the top priority (yet).<\/li>\n\n\n\n<li>For example, automated tests or internal QA setups using mock data.<\/li>\n<\/ul>\n\n\n\n<p><strong>Internal or Isolated Networks<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Servers are behind a firewall or VPN, and both client and server are under your full control.<\/li>\n\n\n\n<li>No public internet exposure, and risk of interception is extremely low.<\/li>\n<\/ul>\n\n\n\n<p><strong>Short-Term Debugging<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>You\u2019re quickly diagnosing an issue with an endpoint and want to isolate the problem without worrying about SSL errors.<\/li>\n\n\n\n<li>As long as you remember to remove the flag later<\/li>\n<\/ul>\n\n\n\n<div style=\"height:12px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>Still, be cautious. Even in these \u201csafe\u201d situations, it&#8217;s better practice to:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use tools like <a href=\"https:\/\/github.com\/FiloSottile\/mkcert\" target=\"_blank\" rel=\"noopener\"><code>mkcert<\/code><\/a> to generate trusted certs for local dev.<\/li>\n\n\n\n<li>Add your self-signed cert to your system\u2019s trust store.<\/li>\n\n\n\n<li>Fix the SSL issue instead of working around it permanently.<\/li>\n<\/ul>\n\n\n\n<p>Using <code>curl<\/code> <code>-k<\/code> should always be a temporary workaround, not a long-term solution.<\/p>\n\n\n\n<div style=\"height:24px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<figure class=\"wp-block-image aligncenter size-large is-resized centered\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"536\" src=\"https:\/\/proxidize.com\/wp-content\/uploads\/2025\/07\/why-ignoring-ssl-in-production-is-dangerous-1-1024x536.jpg\" alt=\"A drawing of a shield with a padlock that has the letters SSL on it next to a warning sign under the title &quot;Why Ignoring SSL in Production is Dangerous&quot;.\" class=\"wp-image-78127\" srcset=\"https:\/\/proxidize.com\/wp-content\/uploads\/2025\/07\/why-ignoring-ssl-in-production-is-dangerous-1-1024x536.jpg 1024w, https:\/\/proxidize.com\/wp-content\/uploads\/2025\/07\/why-ignoring-ssl-in-production-is-dangerous-1-300x157.jpg 300w, https:\/\/proxidize.com\/wp-content\/uploads\/2025\/07\/why-ignoring-ssl-in-production-is-dangerous-1-768x402.jpg 768w, https:\/\/proxidize.com\/wp-content\/uploads\/2025\/07\/why-ignoring-ssl-in-production-is-dangerous-1-600x314.jpg 600w, https:\/\/proxidize.com\/wp-content\/uploads\/2025\/07\/why-ignoring-ssl-in-production-is-dangerous-1.jpg 1200w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<div style=\"height:24px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">Why Ignoring SSL in Production Is Dangerous<\/h2>\n\n\n\n<p>Using the <code>-k<\/code> or <code>--insecure<\/code> flag in production environments might seem like a quick fix, but it\u2019s one of the riskiest shortcuts you can take. SSL\/TLS is what protects data in transit, verifies the identity of servers, and prevents third parties from intercepting or altering your data. Disabling it effectively removes all of that protection.<\/p>\n\n\n\n<p><strong>Here\u2019s why it\u2019s a bad idea in production:<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>MITM Attacks:<\/strong> If you&#8217;ve turned off SSL verification, bad actors can intercept your data or impersonate the server, which is especially bad on a public Wi-Fi network or cloud server.<\/li>\n\n\n\n<li><strong>Insecure Data:<\/strong> All information sent over an insecure connection is at risk of interception, from login details, API keys, and more.<\/li>\n\n\n\n<li><strong>Break HTTPS:<\/strong> SSL certificates are how you guarantee you&#8217;re not talking to a hijacked or faked server \u2014 ignoring SSL removes this safety net.<\/li>\n\n\n\n<li><strong>Non-Compliance:<\/strong> Safety, security, and privacy regulations like SOC 2, GDPR and others require data to be protected, and ignoring SSL violates those standards.<\/li>\n\n\n\n<li><strong>Missing Real Security Issues:<\/strong> In normal circumstances you&#8217;ll get SSL errors regarding expired or revoked certificates \u2014 by ignoring SSL certificates you have no way of knowing those errors are being thrown.<\/li>\n<\/ol>\n\n\n\n<div style=\"height:24px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<figure class=\"wp-block-image aligncenter size-large is-resized centered\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"536\" src=\"https:\/\/proxidize.com\/wp-content\/uploads\/2025\/07\/alternatives-to-ignoring-ssl-with-curl-1024x536.jpg\" alt=\"A drawing of a padlock on a piece of paper and a shield under the title &quot;Alternatives to Ignoring SSL with cURL&quot;.\" class=\"wp-image-78126\" style=\"object-fit:cover\" srcset=\"https:\/\/proxidize.com\/wp-content\/uploads\/2025\/07\/alternatives-to-ignoring-ssl-with-curl-1024x536.jpg 1024w, https:\/\/proxidize.com\/wp-content\/uploads\/2025\/07\/alternatives-to-ignoring-ssl-with-curl-300x157.jpg 300w, https:\/\/proxidize.com\/wp-content\/uploads\/2025\/07\/alternatives-to-ignoring-ssl-with-curl-768x402.jpg 768w, https:\/\/proxidize.com\/wp-content\/uploads\/2025\/07\/alternatives-to-ignoring-ssl-with-curl-600x314.jpg 600w, https:\/\/proxidize.com\/wp-content\/uploads\/2025\/07\/alternatives-to-ignoring-ssl-with-curl.jpg 1200w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<div style=\"height:24px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">Alternatives to Ignoring SSL with cURL<\/h2>\n\n\n\n<p>As a developer you have other, safer, options to resolve SSL-related issues rather than using<code> curl -k <\/code>to bypass SSL verification. Let&#8217;s talk about some of the options:<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">1. Use a Trusted Certificate<\/h3>\n\n\n\n<p>The most straightforward fix is to install a valid SSL certificate issued by a trusted Certificate Authority (CA). You can get one for free using:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/letsencrypt.org\/\" target=\"_blank\" rel=\"noopener\">Let\u2019s Encrypt<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.cloudflare.com\/application-services\/products\/ssl\/\" target=\"_blank\" rel=\"noopener\">Cloudflare SSL<\/a> (for proxies or edge)<\/li>\n<\/ul>\n\n\n\n<p>This ensures your certificate will pass cURL\u2019s default verification.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">2. Use mkcert for Local Development<\/h3>\n\n\n\n<p>If you&#8217;re working locally and don\u2019t want to mess with full CA signing, <code>mkcert<\/code> is a great tool. It creates locally-trusted development certificates without requiring the -k flag.<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro cbp-has-line-numbers\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.75rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;--cbp-line-number-color:#e0def4;--cbp-line-number-width:calc(1 * 0.6 * .75rem);line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span role=\"button\" tabindex=\"0\" style=\"color:#e0def4;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>mkcert localhost<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2\"><\/path><\/svg><\/span><pre class=\"shiki rose-pine-moon\" style=\"background-color: #232136\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #EA9A97\">mkcert<\/span><span style=\"color: #E0DEF4\"> <\/span><span style=\"color: #F6C177\">localhost<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<div style=\"height:12px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>Then, configure your server to use the generated certificate, and cURL won\u2019t complain.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">3. Add the Certificate to Your Trusted Store<\/h3>\n\n\n\n<p>If you\u2019re using a self-signed certificate, you can <strong>explicitly trust it<\/strong> by adding it to your system\u2019s certificate store or passing it to curl using &#8211;cacert.<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro cbp-has-line-numbers\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.75rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;--cbp-line-number-color:#e0def4;--cbp-line-number-width:calc(1 * 0.6 * .75rem);line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span role=\"button\" tabindex=\"0\" style=\"color:#e0def4;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>curl --cacert \/path\/to\/certificate.pem https:\/\/your.server.com<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2\"><\/path><\/svg><\/span><pre class=\"shiki rose-pine-moon\" style=\"background-color: #232136\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #EA9A97\">curl<\/span><span style=\"color: #E0DEF4\"> <\/span><span style=\"color: #3E8FB0\">--cacert<\/span><span style=\"color: #E0DEF4\"> <\/span><span style=\"color: #F6C177\">\/path\/to\/certificate.pem<\/span><span style=\"color: #E0DEF4\"> <\/span><span style=\"color: #F6C177\">https:\/\/your.server.com<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<div style=\"height:12px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>This lets cURL verify SSL without disabling it entirely.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">4. Fix the Root Issue<\/h3>\n\n\n\n<p>Often, SSL issues are due to misconfiguration: expired certs, wrong domain names, or missing intermediate certs. It&#8217;s better to:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Regenerate the certificate properly<\/li>\n\n\n\n<li>Check the certificate chain<\/li>\n\n\n\n<li>Ensure the server is serving the full certificate bundle<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">5. Use Environment-Based Logic (Advanced)<\/h3>\n\n\n\n<p>If you&#8217;re writing scripts or apps, consider toggling SSL verification based on environment variables:<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro cbp-has-line-numbers\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.75rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;--cbp-line-number-color:#e0def4;--cbp-line-number-width:calc(1 * 0.6 * .75rem);line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span role=\"button\" tabindex=\"0\" style=\"color:#e0def4;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>if &#091;\"$ENV\" = \"production\"&#093;; then\ncrul https:\/\/api.yourdomain.com\nelse\ncurl -k https:\/\/dev.api.yourdomain.com\nfi<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2\"><\/path><\/svg><\/span><pre class=\"shiki rose-pine-moon\" style=\"background-color: #232136\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #3E8FB0\">if<\/span><span style=\"color: #E0DEF4\"> <\/span><span style=\"color: #908CAA\">&#091;<\/span><span style=\"color: #F6C177\">&quot;<\/span><span style=\"color: #E0DEF4; font-style: italic\">$ENV<\/span><span style=\"color: #F6C177\">&quot;<\/span><span style=\"color: #E0DEF4\"> <\/span><span style=\"color: #3E8FB0\">=<\/span><span style=\"color: #E0DEF4\"> <\/span><span style=\"color: #F6C177\">&quot;production&quot;<\/span><span style=\"color: #908CAA\">&#093;;<\/span><span style=\"color: #E0DEF4\"> <\/span><span style=\"color: #3E8FB0\">then<\/span><\/span>\n<span class=\"line\"><span style=\"color: #EA9A97\">crul<\/span><span style=\"color: #E0DEF4\"> <\/span><span style=\"color: #F6C177\">https:\/\/api.yourdomain.com<\/span><\/span>\n<span class=\"line\"><span style=\"color: #3E8FB0\">else<\/span><\/span>\n<span class=\"line\"><span style=\"color: #EA9A97\">curl<\/span><span style=\"color: #E0DEF4\"> <\/span><span style=\"color: #3E8FB0\">-k<\/span><span style=\"color: #E0DEF4\"> <\/span><span style=\"color: #F6C177\">https:\/\/dev.api.yourdomain.com<\/span><\/span>\n<span class=\"line\"><span style=\"color: #3E8FB0\">fi<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<div style=\"height:12px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>Keep in mind that <strong>even in dev, it&#8217;s better to fix SSL instead of ignoring it<\/strong>.<\/p>\n\n\n\n<div style=\"height:24px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<figure class=\"wp-block-image aligncenter size-large is-resized centered\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"536\" src=\"https:\/\/proxidize.com\/wp-content\/uploads\/2025\/07\/best-practices-when-ignoring-ssl-with-curl-1-1024x536.jpg\" alt=\"A drawing of a code block and certificate under the title &quot;Best Practices When Ignoring SSL with cURL&quot;.\" class=\"wp-image-78125\" srcset=\"https:\/\/proxidize.com\/wp-content\/uploads\/2025\/07\/best-practices-when-ignoring-ssl-with-curl-1-1024x536.jpg 1024w, https:\/\/proxidize.com\/wp-content\/uploads\/2025\/07\/best-practices-when-ignoring-ssl-with-curl-1-300x157.jpg 300w, https:\/\/proxidize.com\/wp-content\/uploads\/2025\/07\/best-practices-when-ignoring-ssl-with-curl-1-768x402.jpg 768w, https:\/\/proxidize.com\/wp-content\/uploads\/2025\/07\/best-practices-when-ignoring-ssl-with-curl-1-600x314.jpg 600w, https:\/\/proxidize.com\/wp-content\/uploads\/2025\/07\/best-practices-when-ignoring-ssl-with-curl-1.jpg 1200w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<div style=\"height:24px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">Best Practices When Ignoring SSL with cURL<\/h2>\n\n\n\n<p>Rather than unlearn bad habits, it&#8217;s best to use best practices from the jump. This is especially true when working work cURL and SSL. Using curl -k to ignore SSL might be more convenient, but as we discussed, creates security risks where none need to exist. Here are some best practices to follow:<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Avoid -k in Scripts and Automation<\/h3>\n\n\n\n<p>Unless you have a very specific reason not to, always verify certificates. Don&#8217;t hardcode -k into shell scripts, production systems, or CI pipelines. It can create silent vulnerabilities. You may forget to undo that change and create silent, avoidable, vulnerabilities.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Address the Root Problem<\/h3>\n\n\n\n<p>Rather than hide the problem with &#8211;insecure, solve the underlying problem by:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Using a valid certificate<\/li>\n\n\n\n<li>Making sure the hoestname matches<\/li>\n\n\n\n<li>Checking that the full certificate is provided by the serverIf SSL verification fails, try to solve the root cause:<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Use Environment-Specific Certificates<\/h3>\n\n\n\n<p>Use tools like <code>mkcert<\/code> for local development and trusted <a href=\"https:\/\/www.ssl.com\/article\/what-is-a-certificate-authority-ca\/\" target=\"_blank\" rel=\"noopener\">CA-issued certificates<\/a> for production. This keeps dev environments flexible without compromising prod security.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Use &#8211;cacert or &#8211;cert Instead of -k<\/h3>\n\n\n\n<p>If you&#8217;re working with internal or self-signed certs, provide cURL with a trusted cert directly:<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro cbp-has-line-numbers\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.75rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;--cbp-line-number-color:#e0def4;--cbp-line-number-width:calc(1 * 0.6 * .75rem);line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span role=\"button\" tabindex=\"0\" style=\"color:#e0def4;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>curl --cacert \/path\/to\/ca.pem https:\/\/your-server.com<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2\"><\/path><\/svg><\/span><pre class=\"shiki rose-pine-moon\" style=\"background-color: #232136\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #EA9A97\">curl<\/span><span style=\"color: #E0DEF4\"> <\/span><span style=\"color: #3E8FB0\">--cacert<\/span><span style=\"color: #E0DEF4\"> <\/span><span style=\"color: #F6C177\">\/path\/to\/ca.pem<\/span><span style=\"color: #E0DEF4\"> <\/span><span style=\"color: #F6C177\">https:\/\/your-server.com<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<div style=\"height:12px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>This maintains security while allowing for non-public certs.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Document and Review Exceptions<\/h3>\n\n\n\n<p>If you ever need to disable SSL verification (even temporarily), document why, where, and when&nbsp; and include a reminder to fix it. Regularly review your code and scripts for insecure flags like <code>-k<\/code>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Educate Your Team<\/h3>\n\n\n\n<p>Sometimes shortcuts are copied without understanding the risks. Make sure your team knows:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>What <code>-k<\/code> does<\/li>\n\n\n\n<li>When it\u2019s appropriate (rarely)<\/li>\n\n\n\n<li>Safer alternatives they can use<\/li>\n<\/ul>\n\n\n\n<div style=\"height:24px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">Conclusion<\/h2>\n\n\n\n<p>Even though curl -k and the &#8211;insecure flag are really convenient during development, hardcoding them into your script or CI\/CD pipeline is a bad idea. Other than the security issues it creates, you might forget you put them in and create a security problem where none needed to exist.<\/p>\n\n\n\n<p><strong>Key Takeaways:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>curl -k<\/code> disables SSL verification.<\/li>\n\n\n\n<li>There are really specific situations in which it&#8217;s okay to ignore SSL: local development, staging, on internal networks, and when you&#8217;re debugging.<\/li>\n\n\n\n<li>Ignoring SSL in a production setting can lead to data leaks, attacks form bad actors, and more.<\/li>\n\n\n\n<li>Use trusted certs, mkcert, or &#8211;cacert instead of curl -k.<\/li>\n\n\n\n<li>Fix the underlying issue with your SSL instead of ignoring it.<\/li>\n<\/ul>\n\n\n\n<p>SSL certificates exist for a reason \u2014 protecting data, combating spoofed or hijacked servers, and more \u2014 and being careless with where you use cURL to ignore SSL is bad practice. With that being said, we know you&#8217;re going to do it anyway, so at least do it properly.<\/p>\n","protected":false},"author":8854,"featured_media":78131,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","format":"standard","categories":[266],"tags":[],"class_list":["post-76347","blog","type-blog","status-publish","format-standard","has-post-thumbnail","hentry","category-tech-tutorials-and-programming"],"acf":[],"_links":{"self":[{"href":"https:\/\/proxidize.com\/wp-json\/wp\/v2\/blog\/76347","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/proxidize.com\/wp-json\/wp\/v2\/blog"}],"about":[{"href":"https:\/\/proxidize.com\/wp-json\/wp\/v2\/types\/blog"}],"author":[{"embeddable":true,"href":"https:\/\/proxidize.com\/wp-json\/wp\/v2\/users\/8854"}],"replies":[{"embeddable":true,"href":"https:\/\/proxidize.com\/wp-json\/wp\/v2\/comments?post=76347"}],"version-history":[{"count":9,"href":"https:\/\/proxidize.com\/wp-json\/wp\/v2\/blog\/76347\/revisions"}],"predecessor-version":[{"id":87233,"href":"https:\/\/proxidize.com\/wp-json\/wp\/v2\/blog\/76347\/revisions\/87233"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/proxidize.com\/wp-json\/wp\/v2\/media\/78131"}],"wp:attachment":[{"href":"https:\/\/proxidize.com\/wp-json\/wp\/v2\/media?parent=76347"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/proxidize.com\/wp-json\/wp\/v2\/categories?post=76347"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/proxidize.com\/wp-json\/wp\/v2\/tags?post=76347"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}