# curl | permanently disable ssl check?



## FlorinMarian (Mar 10, 2021)

Hi!
I have a private subdomain which is self signed and curl doesnt call it because it says:

```
SSL certificate problem: self signed certificate
```
is there any way to permanently disable this option ? (not with extra arguments when calling curl)

Thank you!


----------



## zirias@ (Mar 10, 2021)

If you're in control of the machine this is running on, add that certificate to the trusted ones?

Globally disabling certificate checks MIGHT be possible (I don't know), but would render the whole point of SSL moot…



FlorinMarian said:


> (not with extra arguments when calling curl)


If you just want to avoid typing, maybe create a shell alias for "insecure curl"? I didn't try, but this could be the option you're looking for:

```
-k, --insecure
              (TLS) By default, every SSL connection curl makes is verified to
              be secure. This option allows curl to proceed and operate even
              for server connections otherwise considered insecure.
              [...]
```


----------



## FlorinMarian (Mar 10, 2021)

Zirias said:


> If you're in control of the machine this is running on, add that certificate to the trusted ones?
> 
> Globally disabling certificate checks MIGHT be possible (I don't know), but would render the whole point of SSL moot…
> 
> ...


Can u tell me, please - how to add my certs to trust list?
Thank you!


----------



## zirias@ (Mar 10, 2021)

Create a symlink to the certificate in /etc/ssl/certs, named `<hash>.0`.
To find the hash, run `openssl x509 -in <yourcert> -noout -hash`.

*edit:* Late side notes:
If there's a hash collision, increment the extension. E.g. I have cd8c0d63.0 and cd8c0d63.1 there.
Q to other readers: Is there a tool to add these symlinks in a convenient way?


----------

