I thought that by using curl -k
I could avoid having to provide a certificate when using a self-signed certificate like in the Conjur Quick Start. This was incorrect. curl -k
doesn’t avoid TLS entirely, it just bypasses validation. So, in a case where you’re running Conjur in a self-signed scenario, you’ll still need to provide the --cacert
flag with curl
.
curl --cacert /path/to/conjur_account.pem ...
Hopefully this helps someone else eliminate research in the future.