Https connection using curl on Linux

curl is a versatile command-line tool that supports various protocols including HTTPS for secure web connections. It enables users to transfer data from or to servers and is commonly used for connecting to web servers and retrieving data. This tutorial covers how to use curl to make secure HTTPS connections and handle SSL/TLS certificates properly.

What is Curl?

Curl is a command-line tool that allows users to transfer data from or to a server using various protocols, including HTTP, HTTPS, FTP, and more. It supports many different types of websites and can be used to connect to any website securely.

The main features of curl include ?

• Downloading and uploading files from FTP or HTTP servers

• Making GET and POST requests

• Handling user authentication and cookies

• Supporting SSL/TLS connections

• Retrieving form information and headers

Basic HTTPS Connection

The simplest syntax to use with curl is curl <URL>. Let's make a request using curl for calling an HTTPS endpoint ?

curl https://www.tutorialspoint.com

If curl makes a GET request and receives the page source without issues, the server is likely using a Trusted CA Signed SSL certificate, which means it has been verified by a reliable Certificate Authority.

Trusted CA Signed SSL Certificates

When making an HTTPS connection, it is important to ensure that the server you are connecting to is trusted. This is done by verifying the server's SSL certificate. The certificate must be signed by a trusted Certificate Authority (CA). If the certificate is not signed by a trusted CA, your connection will not be secure and any data sent over the connection could be intercepted.

Self-Signed Certificates

If a web service uses an SSL/TLS connection but doesn't use a valid SSL/TLS certificate, you may see an error message similar to "SSL handshake failed." This usually indicates that the web service isn't configured properly for HTTPS connections or is using a self-signed certificate.

You can use curl to ignore the SSL/TLS certificate check by adding the -k or --insecure option ?

curl -k https://localhost:8443/endpoint

Warning: Using the -k option makes you vulnerable to man-in-the-middle attacks. Use it only for testing purposes.

Getting Server Certificate

One-way SSL validation verifies the server certificate against a local copy. To save the server certificate locally, use the openssl command with the -showcerts argument ?

openssl s_client -showcerts -connect <domain>:<port>

To save the certificates to a file for later use ?

openssl s_client -showcerts -connect localhost:8443 </dev/null | sed -n -e '/-.BEGIN/,/-.END/ p' > server.pem

Using Custom Certificate with Curl

To access an HTTPS endpoint with a custom certificate, use the --cacert option to specify the certificate file ?

curl --cacert server.pem https://localhost:8443/endpoint

Common Curl HTTPS Options

Examples

GET Request with Headers

curl -H "Accept: application/json" -H "User-Agent: MyApp/1.0" https://api.example.com/data

POST Request with JSON Data

curl -X POST -H "Content-Type: application/json" -d '{"key":"value"}' https://api.example.com/submit

Download File via HTTPS

curl -o downloaded_file.zip https://example.com/file.zip

Conclusion

Curl is an essential tool for making secure HTTPS connections from the command line. While it automatically handles trusted CA certificates, you can use custom certificates with --cacert or bypass verification with -k for testing. Always prioritize security by using proper SSL certificate validation in production environments.