SSL unable to get local issuer

If you have installed an SSL certificate and appears to work fine in the browser, but does not work on places like the W3 feeds validator or iTunes Connect, a good way to debug it is to use cURL from the command line.

You may get back an “unable to get local issuer certificate” error.

$ curl https://www.your-domain.com/
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

If so, this means that you have successfully installed your SSL certificate, but you have not included the intermediate certificates. These form an essential part of the chain up to the root certificate and need to be included when you install it.

They are typically distributed in .bundle files that come with your .crt file.

Changing your SSH port

If you want to change your SSH port to something a little less obvious, it’s easy to do. It’s debatable how much security it actually gives you, but it will certainly make you feel safer, and that is probably the most important thing.

pico /etc/ssh/sshd_config

I’m using pico in this example, but vim will work just as well. You should find a line which is commented out, specifying that the port is 22. This doesn’t need to be uncommented normally, as it defaults to port 22.

#Port 22

Just uncomment this and put a new port number in.

Port 8473

Now save the file and exit. Finally, restart SSH for it to take affect.

/etc/rc.d/init.d/sshd restart

Don’t forget, next time you SSH in you will need to use the new port number!

ssh -p 8473 hostname