Edited at

自己証明のSSLを利用しているURLに対して、curlでリクエストする

More than 3 years have passed since last update.


概要

検証環境などで、自己証明のSSLを利用している場合、curlでリクエストする場合insecureオプションが必要になります。


オプションなし

% curl https://dev.xxxxx.com/ --max-time 10 --verbose

* Hostname was NOT found in DNS cache
* Trying XXX.XXX.XX.XX...
* Connected to dev.buyma.com (XXX.XXX.XX.XX) port 443 (#0)
* SSL certificate problem: Invalid certificate chain
* Closing connection 0
curl: (60) SSL certificate problem: Invalid certificate chain
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'
d like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.


オプションあり

% curl https://dev.xxxxx.com/  --max-time 10 --verbose --insecure

* Hostname was NOT found in DNS cache
* Trying XXX.XXX.XX.XX...
* Connected to dev.xxxxx.com (XXX.XXX.XX.XX) port 443 (#0)
* TLS 1.0 connection using TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
* Server certificate: dev.xxxxx.com
> GET / HTTP/1.1
> User-Agent: curl/7.37.1
> Host: dev.xxxxx.com
> Accept: */*
>
< HTTP/1.1 200 OK


参考