My personal preference is -k to the template to minimize risk but I'm not sure why the host it's running on does not have the proper CA in the system for validation. Where is the curl command ultimately run and are we not publishing the self signed CA everywhere? Or is this a custom SSL where the user does not provide a CA bundle? Adding insecure=True disables ssl certificate verification so while the traffic is still encrypted it does not prevent MITM attacks
My personal preference is -k to the template to minimize risk but I'm not sure why the host it's running on does not have the proper CA in the system for validation. Where is the curl command ultimately run and are we not publishing the self signed CA everywhere? Or is this a custom SSL where the user does not provide a CA bundle? Adding insecure=True disables ssl certificate verification so while the traffic is still encrypted it does not prevent MITM attacks