cURL uses different network protocols to transfer data. It by default tries to establish a secure connection by verifying the SSL certificates.
But, when it fails to find a valid certificate, the connection will end up with the cURL error 51.
At Bobcares, we often get requests to fix cURL errors, as a part of our Server Management Services. Today, let’s discuss some tips to fix this cURL error.
Why does cURL error 51(SSL peer certificate) occur?
cURL is an open-source command-line tool that transfers data using network protocols. When cURL tries to connect with a remote service, it uses secure protocols like HTTPS.
When there is a problem with the SSL certificate, it ends up in cURL error 51. And we solve this by fixing the certificates.
Recently, one of our customers approached us with the below error message.
Let’s see the possible ways to fix this error.
How to fix the cURL error 51(SSL peer certificate)?
To fix this error our Support Team usually fixes the certificates used. But there is an alternate option to ignore the cURL verification which we don’t recommend as it is not secure.
Check the cURL SSH connection
Initially, we cross-check the fingerprint of the server in the /.ssh/known_hosts file. We also make sure that the curl version and SSH version uses the same fingerprint.
Hence the cURL can connect using SSH without any error.
Check the SSL certificate
Whenever users approach us with this error, we check the certificates in the server. Sometimes an empty certificate file can be a problem. Hence we ask users to use a valid certificate.
Also using the CURLOPT_SSL_VERIFYPEER option in the cURL request need a valid SSL certificate. Here the self-signed certificate may not work.
So we ask the users to use a valid certificate for a secure connection.
Developers often want to test URL requests for their applications. And cURL errors are most obvious here.
Especially when they try to access a secure domain that uses HTTPS protocol. Usually, this can end up in cURL error 51.
In such cases, just for testing, we ask them to disable the cURL certificate verification. For this, we ask them to use,
-k or --insecure options in the command line requests.
The insecure option allows cURL to perform insecure SSL connections and transfers.
Alternatively, to ignore verification we ask then to change a few settings in the cURL request code. And they are,
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, FALSE); curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, FALSE);
But using this option in live websites can lead to many security threats like man-in-the-middle attacks. Hence we highly recommend avoiding this usage, unless for testing purposes.
[Need assistance in fixing cURL errors? – Our Experts are available 24/7.]
The cURL error 51 SSL peer certificate, indicates that there is a problem with SSL Certificate. Today, we saw how our Support Engineers fixed the error.