Allowing PHP cURL to access self-signed websites without verifying the SSL certificate

| By Webner

By default, each cURL request can access only SSL certified websites. However, at times it is required to access those sites which are self-signed. To verify that your cURL request is able to access self-signed websites or not, use below command:

curl <URL of the domain to be access>

If your request is able to access the website, then it must return some default response from the server. In case of certificate error, the request will throw below SSL error:
To turn off the verification of the SSL certificate for your cURL, add below line to your request:

curl_setopt ( $curl, CURLOPT_SSL_VERIFYPEER, false);

Along with this, add CA certificate for creating self-signed requests to access remote SSL certified websites. To download the file, visit below mentioned website:

Download the latest version of cacert.pem file from the website and place it at the same location where your curl request file exists.

After completing above steps your cURL request is ready to access self-signed websites without throwing any errors.

Below is a sample cURL request in PHP:

function generateToken() {
$service_url = 'https://URLToAccess';
$curl = curl_init ( $service_url );

$loginRequest = array (
'username' => 'testUser',
'password' => 'test123',

$data_string = json_encode ( $loginRequest );
$options = array (
CURLOPT_RETURNTRANSFER => true, // true to return the result as string of value
'Content-Type: application/json','Content-Length: ' . strlen ( $data_string ) //sets custom HTTP headers
curl_setopt_array ( $curl, $options ); //setting options for curl request
curl_setopt ( $curl, CURLOPT_CUSTOMREQUEST, "POST" ); //sending the request as post/get

// connect to the link via SSL without checking certificate
curl_setopt ( $curl, CURLOPT_SSL_VERIFYPEER, false); //false will prevent curl from verifying the SSL certificate

$response_json = curl_exec ( $curl ); //execute curl
curl_close ( $curl );
$response = json_decode($response_json ,true); //decoding the response in json format

generateToken(); //calling the function

Leave a Reply

Your email address will not be published. Required fields are marked *