Curl with custom CA certificates

Using curl with custom CA certificates

This document describes how to use curl with both custom and official CA SSL certificates.


You first need to install curl. Using a package manager such as yum, brew, ... for your platform should be the easiest way.

Example for Mac OS:

brew install curl --with-openssl
brew link curl --force
curl --version

CA directory

Create a CA directory that will contain all your CA certificates in .pem format (e.g. /etc/pki/ssl/ca).

Export a custom CA from the firefox browser

Note that this step is only necessary if you don't already have your custom CA in PEM format.

If you open an SSL-protected webpage in the Firefox browser:

  • click on the lock on the left of the url
  • Then "more information ..."/Security/"View certificate"/Details/"Export ..."/"X.509 Certificate (PEM)"

Export the .pem file into your CA directory.

Get all the officially supported certificate authorities

In your CA directory:

curl -o firefox.pem

Merge all your .pem in one

In your CA directory:

cat *.pem > ca-all.pem
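
The plain `cat` merge has two failure modes: on a second run the previous ca-all.pem also matches `*.pem`, and a file without a trailing newline fuses its END line with the next BEGIN line, which corrupts the bundle. The function below is an added example, not part of the original gist (the name `build_ca_bundle` is hypothetical); it rebuilds the bundle while handling both cases and skips files that contain no PEM certificate.

```shell
# Added example: rebuild the merged bundle safely (hypothetical helper).
# Usage: build_ca_bundle CA_DIR [OUTPUT_NAME]
# Prints the number of certificates written to CA_DIR/OUTPUT_NAME.
build_ca_bundle() {
    ca_dir=$1
    out_name=${2:-ca-all.pem}
    # Temp file name does not end in .pem, so the glob below never matches it
    tmp=$(mktemp "$ca_dir/.bundle.XXXXXX") || return 1
    for f in "$ca_dir"/*.pem; do
        [ -f "$f" ] || continue
        # Skip the previous bundle, which also matches *.pem
        [ "$(basename "$f")" = "$out_name" ] && continue
        # Skip files without a PEM certificate (DER exports, keys, stray files)
        if ! grep -q -- '-----BEGIN CERTIFICATE-----' "$f"; then
            echo "skipping $f: no PEM certificate found" >&2
            continue
        fi
        # Strip CRs; awk's print also ends every line, including the last, with \n
        awk '{ sub(/\r$/, ""); print }' "$f" >> "$tmp"
    done
    count=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$tmp" || true)
    if [ "$count" -eq 0 ]; then
        rm -f "$tmp"
        echo "no certificates found in $ca_dir" >&2
        return 1
    fi
    chmod 644 "$tmp"                 # mktemp creates the file with mode 600
    mv "$tmp" "$ca_dir/$out_name"    # replace the old bundle in one step
    echo "$count"
}
```

Call it as `build_ca_bundle /etc/pki/ssl/ca` whenever a certificate is added to or removed from the CA directory.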

Configuring cacert

From now on, you should be able to configure curl to use your merged CA:

curl --cacert /etc/pki/ssl/ca/ca-all.pem

You may prefer to update .curlrc by adding the line:

cacert /etc/pki/ssl/ca/ca-all.pem
