cURL Auth, TLS, and Proxy Security

cURL•Permalink

Authentication, cookies, TLS verification, client certs, pinned keys, and proxy-secured curl workflows.

View

Standard Detailed Compact

Export

Copy the compact sheet, download it, or print it.

Download

`D` dense toggle · `C` copy all

## Credentials and Sessions

Use credentials from .netrc

↗#

curl --netrc https://example.com/protected

# Load login credentials from a `.netrc` file.

Use a custom netrc file

↗#

curl --netrc-file ./my.netrc https://example.com/protected

# Read machine credentials from a specific netrc file.

HTTP Digest auth

↗#

curl --digest -u 'user:password' https://example.com/protected

# Authenticate with Digest auth if the server supports it.

SPNEGO / Negotiate auth

↗#

curl --negotiate -u : https://example.com/protected

# Use Negotiate auth with credentials from the environment or Kerberos setup.

Auto-negotiate auth method

↗#

curl --anyauth -u 'user:password' https://example.com/protected

# Let curl probe and select an auth scheme.

Follow redirects and send auth

↗#

curl -L --location-trusted -u 'user:password' https://example.com/start

# Follow redirects and keep auth across hosts only when you explicitly trust it.

## TLS and Certificates

Require TLS 1.2

↗#

curl --tlsv1.2 https://example.com

# Require TLS 1.2 or newer for the connection.

Set maximum TLS version

↗#

curl --tls-max 1.3 https://example.com

# Cap the TLS protocol version used by curl.

Use a CA certificate directory

↗#

curl --capath /etc/ssl/certs https://example.com

# Use a directory of CA certificates instead of a single bundle file.

Use a PKCS#12 client certificate

↗#

curl --cert client.p12:mypassword --cert-type P12 https://mtls.example.com

# Authenticate with a P12 / PFX certificate bundle.

Pin a public key

↗#

curl --pinnedpubkey sha256//BASE64HASH https://example.com

# Verify the server public key against a pinned key.

Use a certificate revocation list

↗#

curl --crlfile revoked.pem https://example.com

# Check server certs against a CRL file.

Request certificate status checks

↗#

curl --cert-status https://example.com

# Require certificate status validation via TLS stapling when supported.

Skip TLS verification for HTTPS proxy

↗#

curl --proxy-insecure -x https://proxy.example.com:8443 https://example.com

# Disable certificate verification for the HTTPS proxy connection.

## Proxy Auth and Tunnels

Proxy with basic auth

↗#

curl -x http://proxy.example.com:8080 -U 'user:password' https://example.com

# Authenticate to a proxy with username and password.

Use an HTTPS proxy

↗#

curl -x https://proxy.example.com:8443 https://example.com

# Route traffic through an HTTPS proxy.

Trust a custom CA for proxy TLS

↗#

curl --proxy-cacert proxy-ca.pem -x https://proxy.example.com:8443 https://example.com

# Use a custom CA certificate file for the HTTPS proxy.

Client cert for proxy authentication

↗#

curl --proxy-cert proxy-client.crt --proxy-key proxy-client.key -x https://proxy.example.com:8443 https://example.com

# Send a client certificate when the proxy requires mTLS.

Tunnel through an HTTP proxy

↗#

curl --proxytunnel -x http://proxy.example.com:8080 ftp://example.com/file.txt

# Use CONNECT tunneling for non-HTTP protocols when needed.

More in cURL

cURL Debugging, Performance, and Scripting

Tracing, DNS overrides, proxies, protocol selection, config files, timeouts, and script-friendly curl patterns.

cURL Download and Upload Workflows

Comprehensive curl patterns for downloads, retries, upload flows, range requests, SMTP, SFTP, and batch transfers.

cURL HTTP and API Workflows

HTTP methods, auth, JSON APIs, headers, caching, compression, and response inspection with curl.

cURL Cheat Sheet

High-coverage curl commands for HTTP requests, APIs, downloads, uploads, cookies, redirects, and automation.

Recommended next

No recommendations yet.

Browse all sheets →