What -k does
-k or --insecure tells cURL not to verify the server certificate. It can unblock local testing but weakens protection against impersonation.
Understand cURL SSL certificate errors, what -k or --insecure changes, and how generated code represents TLS verification behavior.
Try SSL cURL Conversion-k or --insecure tells cURL not to verify the server certificate. It can unblock local testing but weakens protection against impersonation.
For real systems, prefer fixing the certificate chain, hostname, trust store, or CA bundle instead of permanently disabling verification.
The parser exposes verify_ssl: false in JSON output and maps that setting into generated languages that support TLS verification control.
curl -k -L -H 'Accept: application/json' https://self-signed.badssl.example/api/status
It is acceptable for controlled local testing, but it should not be the default for production API traffic.
Expired certificates, missing intermediates, hostname mismatches, private CAs, old trust stores, and intercepting proxies are common causes.