diff --git a/agents/bakery/curl.py b/agents/bakery/curl.py
index 3d8ed4dfebc1385d10eaebb99ef7f917af16a57e..3da404260b72dd2feba4c41ad31777db467ab5b1 100755
--- a/agents/bakery/curl.py
+++ b/agents/bakery/curl.py
@@ -292,9 +292,9 @@ def get_curl_files(conf: Tuple[str, Dict[str, List[any]]]) -> FileGenerator:
             pub_md5 = None
             pub_sha256 = None
             pub_key = None
-            try:
+            try:  # 2022-03-23: added ssh settings
                 insecure, ocsp, no_revoke, cert_chain = url_settings['cert_verify']
-            except ValueError:
+            except ValueError:  # 2022-03-23: added ssh settings
                 insecure, ocsp, no_revoke, cert_chain, pub_md5, pub_sha256, pub_key = url_settings['cert_verify']
             if insecure:
                 options_array.append(f'--insecure')
@@ -318,7 +318,7 @@ def get_curl_files(conf: Tuple[str, Dict[str, List[any]]]) -> FileGenerator:
             if pub_key:
                 yield PluginConfig(
                     base_os=_os,
-                    lines=[cert_chain],
+                    lines=[pub_key],
                     target=Path(f'curl/curl_item_{curl_item}.pub_key'),
                     include_header=False,
                 )
diff --git a/curl.mkp b/curl.mkp
index 7515d568bdc7dc372abfc4313ee4c9fe8342b1bb..531c43b4fae4ccb20cd9d15a9a498b3e7bbeda49 100644
Binary files a/curl.mkp and b/curl.mkp differ
diff --git a/web/plugins/wato/curl.py b/web/plugins/wato/curl.py
index 14bf05df1c07a56bf361c575b3c703c530365ba4..c5d4b68b3a8be969e30e51207e60dcf276591066 100644
--- a/web/plugins/wato/curl.py
+++ b/web/plugins/wato/curl.py
@@ -330,7 +330,7 @@ _option_curl_service = ('curl_service',
                                     allow_empty=False,
                                     size=90,
                                     placeholder='https://www.example.com',
-                                    forbidden_chars=forbidden_chars,
+                                    # forbidden_chars=forbidden_chars,
                                 ),
                             ],
                             orientation='horizontal',
@@ -353,7 +353,7 @@ _option_verify_remote_host = ('cert_verify',
                                           Checkbox('Use OCSP to check certificate status'),
                                           Checkbox('Disable cert revocation checks (WinSSL)'),
                                           Optional(Foldable(CAorCAChain()), label='Certificate to verify against', ),
-                                          Optional(TextUnicode(size=35, minlen=32, maxlen=32, regex='[0-9a-fA-F]', ),
+                                          Optional(TextUnicode(size=40, minlen=32, maxlen=32, regex='[0-9a-fA-F]', ),
                                                    label='Expected MD5 hash of pub key'),
                                           Optional(TextUnicode(size=60, allow_empty=False),
                                                    label='Expected SHA256 hash of pub key'),