CertTools Logo
CertTools

curl Commands Reference

Essential curl commands for testing HTTPS connections and inspecting certificates

🌐 Basic HTTP/HTTPS Requests

Simple GET request

curl https://example.com

Fetches content from the URL and prints to stdout.

Show response headers

curl -I https://example.com

Fetches headers only (HEAD request). Use -i to include headers with body.

Verbose output (show request/response details)

curl -v https://example.com

Shows TLS handshake, headers, and connection details. Very useful for debugging.

Follow redirects

curl -L https://example.com

Automatically follows HTTP 3xx redirects to the final destination.

Save response to file

curl -o output.html https://example.com

Use -O to use the remote filename.

🔒 Certificate Inspection

View certificate details

curl -vI https://example.com 2>&1 | grep -A 20 "Server certificate"

Shows certificate subject, issuer, expiration, and validation info.

Download server certificate

echo | openssl s_client -connect example.com:443 2>/dev/null | openssl x509 -out cert.pem

While this uses OpenSSL, curl can verify the saved certificate.

Show certificate expiration date

curl -vI https://example.com 2>&1 | grep "expire date"

Ignore certificate errors (UNSAFE - testing only)

curl -k https://self-signed.badssl.com

⚠️ Warning: Never use -k in production. Only for testing self-signed certificates.

Use custom CA bundle

curl --cacert /path/to/ca-bundle.crt https://example.com

Validate server certificate against specific CA bundle.

🔐 TLS/SSL Configuration

Force specific TLS version

curl --tls-max 1.2 https://example.com

Use --tlsv1.3 to require TLS 1.3, --tlsv1.2 for TLS 1.2 minimum.

Show supported TLS versions

curl -V | grep -i tls

Shows which TLS versions your curl installation supports.

Use client certificate (mTLS)

curl --cert client.pem --key client-key.pem https://example.com

For mutual TLS authentication where server requires client certificate.

Use client certificate with passphrase

curl --cert client.pem:password --key client-key.pem https://example.com

Specify SNI hostname

curl --resolve example.com:443:192.0.2.1 https://example.com

Connect to specific IP while requesting certificate for hostname (useful for testing).

📤 HTTP Methods & Headers

POST request with JSON data

curl -X POST https://api.example.com/endpoint \
  -H "Content-Type: application/json" \
  -d '{"key":"value"}'

POST request with form data

curl -X POST https://example.com/login -d "username=user&password=pass"

Add custom headers

curl -H "Authorization: Bearer token123" \
  -H "Accept: application/json" \
  https://api.example.com

PUT request

curl -X PUT https://api.example.com/resource/123 -d '{"updated":"data"}'

DELETE request

curl -X DELETE https://api.example.com/resource/123

Set User-Agent

curl -A "Mozilla/5.0 (Custom Agent)" https://example.com

🔑 Authentication

Basic authentication

curl -u username:password https://example.com

Sends credentials using HTTP Basic Auth. Use -u username to prompt for password.

Bearer token authentication

curl -H "Authorization: Bearer YOUR_TOKEN" https://api.example.com

OAuth2 / API Key

curl -H "X-API-Key: YOUR_API_KEY" https://api.example.com

Digest authentication

curl --digest -u username:password https://example.com

⏱️ Performance & Timing

Show timing breakdown

curl -w "\nDNS: %{time_namelookup}s\nConnect: %{time_connect}s\nTLS: %{time_appconnect}s\nTotal: %{time_total}s\n" \
  -o /dev/null -s https://example.com

Shows time for DNS lookup, TCP connection, TLS handshake, and total request time.

Show HTTP status code

curl -o /dev/null -s -w "%{http_code}\\n" https://example.com

Set connection timeout

curl --connect-timeout 10 https://example.com

Timeout in seconds for connection phase. Use --max-time for total operation timeout.

Limit download speed

curl --limit-rate 100K https://example.com/largefile.zip

Show transfer progress

curl -# -o file.zip https://example.com/file.zip

Shows progress bar instead of default progress meter.

🍪 Cookies & Sessions

Save cookies to file

curl -c cookies.txt https://example.com

Load cookies from file

curl -b cookies.txt https://example.com

Send specific cookie

curl -b "session_id=abc123; preferences=dark" https://example.com

Maintain session (save and load cookies)

curl -c cookies.txt -b cookies.txt https://example.com/dashboard

⚙️ Advanced Options

Use HTTP/2

curl --http2 https://example.com

Try HTTP/2, fallback to HTTP/1.1. Use --http2-prior-knowledge to require HTTP/2.

Use HTTP/3 (QUIC)

curl --http3 https://example.com

Requires curl built with HTTP/3 support (nghttp3, ngtcp2, or quiche).

Use proxy

curl -x http://proxy.example.com:8080 https://example.com

Use SOCKS5 proxy

curl --socks5 localhost:1080 https://example.com

Resume partial download

curl -C - -O https://example.com/largefile.zip

Silent mode (no progress or errors)

curl -s https://example.com

Use -sS for silent mode but show errors.