1. Overview

curl is a command-line tool that supports many web protocols like HTTPS.

In this tutorial, we’ll look at how to use curl to invoke an HTTPS endpoint.

2. Trusted CA Signed SSL Certificates

The simplest syntax to use with curl is curl <URL>. Let’s make a request using curl for calling an HTTPS endpoint:

curl https://www.baeldung.com

In this case, curl is making a GET request and returns the page source without any error because the server uses Trusted CA Signed SSL Certificates. This means that the server is using a certificate that was signed by a trusted authority.

3. Self-Signed Certificates

Sometimes, if a server is using a self-signed certificate, we’ll encounter the error “SSL certificate problem: self-signed certificate” when making a curl request. This means that the server is not using a certificate that was signed by a trusted authority.

Let’s say we’re running a local Spring Boot project that’s configured with TLS.

One way to handle this is to force curl to ignore the certificate verification, using the -k or –insecure flag:

curl -k https://localhost:8443/baeldung

However, ignoring HTTPS errors can be very insecure. Instead, another option is to use the certificate from the server we’re trying to access.

3.1. Getting Server Certificate

When we call an HTTPS endpoint using one-way SSL, the client validates the receiving server certificate with the certificate that it has available. Therefore, we’ll need to save the shared server certificate in the client.

To retrieve a list of server certificates, we’ll use the OpenSSL command, with the -showcerts argument:

openssl s_client -showcerts -connect <Domain Name or IP Address>:<Port>

The -showcerts option prints out the complete certificate chain. We can save the certificates into a file to invoke the endpoint:

openssl s_client -showcerts -connect https://localhost:8443/baeldung </dev/null | sed -n -e '/-.BEGIN/,/-.END/ p' > baeldung.pem

3.2. Invoking an HTTPS Endpoint

To invoke the HTTPS endpoint, we’ll first save the server certificate baeldung.pem from the local server using the OpenSSL command or keystore file.

Then we’ll use the server certificate in the curl request along with the –cacert option:

curl --cacert baeldung.pem https://localhost:8443/baeldung

4. Conclusion

In this tutorial, we described how to invoke an HTTPS endpoint using the curl tool.

Comments are open for 30 days after publishing a post. For any issues past this date, use the Contact form on the site.