Setup cURL in Windows

Publish Date: March 24, 2022

Setup cURL in Windows

cURL (client URL) is a command line tool that system admins and developers use to transfer data between server and client in the form of a URL. It supports several different protocols and has a variety of applications. I will not cover the details and applications of cRUL here. If you’re already on this page, I am assuming you know how to use it. Learn how to use curl in Windows if you are just getting started with it.

cURL in Windows 10 version 1803 or higher

Starting with Windows 10 (version 1803) or Server 2019, you will find curl.exe pre-installed in your %systemroot%\System32 directory by default. This guide is useful if you are on an older Windows version or you want to use the latest curl version from official website, which supports more protocols than the built-in curl version. I will also cover how to fix some most common errors that you might face while using cURL in Windows.

Most Common Errors with Secure Websites

You will get a whole lot of different errors while using secure URLs with cURL. So if you’re getting any error among the below mentioned errors, you are on the right page.

curl: (35) schannel: next InitializeSecurityContext failed

curl: (35) schannel: next InitializeSecurityContext failed: Unknown error (0x80092012) - The revocation function was unable to check revocation for the certificate.

curl - (35) schannel - next InitializeSecurityContext failed - Unknown error (0x80092012)

If you get this error message, it indicates that curl was unable to check revocation for the certificate which is the default behavior when it comes to communication with secure websites. The error usually occurs when you’re using an anti-virus or endpoint security software that offers it’s own certificate. Even though you could easily circumvent this error by using the --ssl-no-revoke argument with curl command but it becomes tedious when you use curl command a lot. The following command shows how to bypass this error:

curl --ssl-no-revoke --head https://www.techtutsonline.com/

To learn how to get around this error once and for all – without having to specify the --ssl-no-revoke argument each time, see the Setup the latest version of cURL in Windows section.

curl: (60) SSL certificate problem

curl: (60) SSL certificate problem: unable to get local issuer certificate

curl - (60) SSL certificate problem - unable to get local issuer certificate

If you get this error, it means there is something wrong with root certificate that curl is using on your local system. To get around this error, you could use the --insecure (or -k for short) argument with curl command as shown in the following command:

curl --insecure https://www.techtutsonline.com/

Again, to learn how to get around this error once and for all, see the Setup the latest version of cURL in Windows section.

curl: (60) schannel: CertGetCertificateChain trust error

curl: (60) schannel: CertGetCertificateChain trust error CERT_TRUST_IS_UNTRUSTED_ROOT

curl - (60) schannel - CertGetCertificateChain trust error CERT_TRUST_IS_UNTRUSTED_ROOT

If you see this error, it means the root CA that curl is configured to use is untrusted. It may be using a self-signed certificate or the certificate is no longer valid. This error can also be bypassed by using the --insecure argument with curl command as shown in previous example.

Setup the latest version of cURL in Windows

Depending upon the edition of your Windows, you can download the latest version of cURL from the official website using the following links:

It will download a zip archive. There is no installer in this file so you will have to manually set the PATH environment for curl.exe binary. Once downloaded, you can extract the zip archive to any folder of your choice. I extracted mine inside D:\WORK\SOFTWARE\curl-7.81.0-win64 directory. Your directory should look like shown in the following screenshot:

curl directory path

Now to set the PATH environment variable, open RUN dialog (WinLogoKey+R), type “sysdm.cpl ,3” without quotes and press enter. This will open up advanced system properties page. Now follow the steps mentioned in the screenshot and click on OK thrice to save the changes.

Add CURL to Path Environment VariableMake sure you specify the correct path to bin directory in STEP 5. I added D:\WORK\SOFTWARE\curl-7.81.0-win64\bin in my case.

When this is done, curl is ready to be used on your system. To confirm, you can open the command prompt and type curl --version command. If you see the curl version as shown in the following image, you’re all set to go to next step:
Check curl version
If you get an error that says ‘curl’ is not recognized as an internal or external command, operable program or batch file, it means something is wrong with the PATH environment variable you created.
'curl' is not recognized as an internal or external command, operable program or batch file
If you see this error, please follow the steps mentioned in this video to properly setup your PATH environment variable.

Certificate Setup for cURL

Now comes the most important part. At this point, when you try any secure URL with curl command, you will most probably get an error as we discussed in past sections. To permanently fix those SSL errors, you need to download the CA certificate file from official website and configure the curl on your system to use that certificate file. To do that, follow these steps:

  1. First of all, download the CA certificate file and copy it into the same directory where curl.exe file is available. To get the location of curl.exe, you could simply type where curl command in your command prompt.
    locate curl curl
  2. Now create a new file named .curlrc in the same directory as that of curl.exe. In the end, your curl directory should look like shown in the following image:
    set curl to use the cacert in .curlrc file
  3. Now open the .curlrc file in notepad (or any other text editor) and set the complete path of root certificate file that you downloaded in first step. See the screenshot for reference:
    set cacert path in .curlrc file
    Please remember to use the forward slash (/) while specifying directory path as shown below otherwise it won’t work:

    cacert = "D:/WORK/SOFTWARE/curl-7.81.0-win64/bin/cacert.pem"
    
  4. [optional] If you’re using Windows 10 (version 1803) or higher, your system will most likely have curl.exe in %systemroot%\System32 directory as well. When you will run curl command without explicitly specifying the complete path to curl.exe executable, your system will use the default executable located in %systemroot%\System32. If this is true you will see curl.exe twice when you run where curl command. See the following image for reference:
    locate curl executable duplicate
    If you see the same, you need to get rid of default curl.exe that comes with Windows. You can take the ownership of file, set the permissions and then rename the file with the help of following commands:

    cd C:\Windows\System32 
     
    takeown /a /f curl.exe 
    icacls curl.exe /grant administrators:F 
    ren curl.exe curl.exe.bak
    

    Make sure you run these commands in an elevated command prompt. See the following screenshot for reference:
    take ownership of default curl and rename

  5. Once you successfully rename the default curl.exe executable, you should see a single instance of curl.exe when running where curl command.
  6. Your system is now all set and you can start using curl without any SSL error. The following screenshot shows that I no longer get any SSL error and I don’t have to use the --insecure or --ssl-no-revoke arguments anymore.
    curl -I https://www.techtutsonline.com/

    curl success



Microsoft Certified | Cisco Certified

1 Comment

Leave a Reply