- March 24, 2022
- Posted by: Surender Kumar
- Categories: Tips & Tricks, Windows 10, Windows 11
Setup cURL in Windows
cURL (client URL) is a command line tool that system admins and developers use to transfer data between server and client in the form of a URL. It supports several different protocols and has a variety of applications. I will not cover the details and applications of cRUL here. If you’re already on this page, I am assuming you know how to use it. Learn how to use curl in Windows if you are just getting started with it.
cURL in Windows 10 version 1803 or higher
Starting with Windows 10 (version 1803) or Server 2019, you will find curl.exe pre-installed in your %systemroot%\System32 directory by default. This guide is useful if you are on an older Windows version or you want to use the latest curl version from official website, which supports more protocols than the built-in curl version. I will also cover how to fix some most common errors that you might face while using cURL in Windows.
Most Common Errors with Secure Websites
You will get a whole lot of different errors while using secure URLs with cURL. So if you’re getting any error among the below mentioned errors, you are on the right page.
curl: (35) schannel: next InitializeSecurityContext failed
curl: (35) schannel: next InitializeSecurityContext failed: Unknown error (0x80092012) - The revocation function was unable to check revocation for the certificate.
If you get this error message, it indicates that curl was unable to check revocation for the certificate which is the default behavior when it comes to communication with secure websites. Even though you could easily circumvent this error by using the
--ssl-no-revoke argument with curl command but it becomes tedious when you use curl command a lot. The following command shows how to bypass this error:
curl --ssl-no-revoke --head https://www.techtutsonline.com/
To learn how to get around this error once and for all – without having to specify the
--ssl-no-revoke argument each time, see the Setup the latest version of cURL in Windows section.
curl: (60) SSL certificate problem
curl: (60) SSL certificate problem: unable to get local issuer certificate
If you get this error, it means there is something wrong with root certificate that curl is using on your local system. To get around this error, you could use the
-k for short) argument with curl command as shown in the following command:
curl --insecure https://www.techtutsonline.com/
Again, to learn how to get around this error once and for all, see the Setup the latest version of cURL in Windows section.
curl: (60) schannel: CertGetCertificateChain trust error
curl: (60) schannel: CertGetCertificateChain trust error CERT_TRUST_IS_UNTRUSTED_ROOT
If you see this error, it means the root CA that curl is configured to use is untrusted. It may be using a self-signed certificate or the certificate is no longer valid. This error can also be bypassed by using the
--insecure argument with curl command as shown in previous example.
Depending upon the edition of your Windows, you can download the latest version of cURL from the official website using the following links:
It will download a zip archive. There is no installer in this file so you will have to manually set the PATH environment for curl.exe binary. Once downloaded, you can extract the zip archive to any folder of your choice. I extracted mine inside D:\WORK\SOFTWARE\curl-7.81.0-win64 directory. Your directory should look like shown in the following screenshot:
Now to set the PATH environment variable, open RUN dialog (WinLogoKey+R), type “sysdm.cpl ,3” without quotes and press enter. This will open up advanced system properties page. Now follow the steps mentioned in the screenshot and click on OK thrice to save the changes.
When this is done, curl is ready to be used on your system. To confirm, you can open the command prompt and type
curl --version command. If you see the curl version as shown in the following image, you’re all set to go to next step:
If you get an error that says ‘curl’ is not recognized as an internal or external command, operable program or batch file, it means something is wrong with the PATH environment variable you created.
If you see this error, please follow the steps mentioned in this video to properly setup your PATH environment variable.
Certificate Setup for cURL
Now comes the most important part. At this point, when you try any secure URL with curl command, you will most probably get an error as we discussed in past sections. To permanently fix those SSL errors, you need to download the CA certificate file from official website and configure the curl on your system to use that certificate file. To do that, follow these steps:
- First of all, download the CA certificate file and copy it into the same directory where curl.exe file is available. To get the location of curl.exe, you could simply type
where curlcommand in your command prompt.
- Now create a new file named .curlrc in the same directory as that of curl.exe. In the end, your curl directory should look like shown in the following image:
- Now open the .curlrc file in notepad (or any other text editor) and set the complete path of root certificate file that you downloaded in first step. See the screenshot for reference:
Please remember to use the forward slash (/) while specifying directory path as shown below otherwise it won’t work:
cacert = "D:/WORK/SOFTWARE/curl-7.81.0-win64/bin/cacert.pem"
- [optional] If you’re using Windows 10 (version 1803) or higher, your system will most likely have curl.exe in %systemroot%\System32 directory as well. When you will run curl command without explicitly specifying the complete path to curl.exe executable, your system will use the default executable located in %systemroot%\System32. If this is true you will see curl.exe twice when you run
where curlcommand. See the following image for reference:
If you see the same, you need to get rid of default curl.exe that comes with Windows. You can take the ownership of file, set the permissions and then rename the file with the help of following commands:
takeown /a /f curl.exe
icacls curl.exe /grant administrators:F
ren curl.exe curl.exe.bak
- Once you successfully rename the default curl.exe executable, you should see a single instance of curl.exe when running
- Your system is now all set and you can start using curl without any SSL error. The following screenshot shows that I no longer get any SSL error and I don’t have to use the
curl -I https://www.techtutsonline.com/