This page explains how to set up a local development server on a Mac (with Apache installed) to use HTTPS, so that it more closely mimics the environment of a production website. This involves installing a self-signed SSL certificate and ensuring Apache is configured accordingly. These instructions assume that openssl has been installed. Most of this was obtained from this guide: https://really-simple-ssl.com/knowledge-base/how-to-install-an-ssl-certificate-on-mamp/
- Configure SSL settings
  Open the SSL configuration file in Terminal (these instructions use the nano editor):
      sudo nano /private/etc/apache2/extra/httpd-ssl.conf
  - In the <VirtualHost> section, make sure the settings are as follows:
    - Change <VirtualHost _default_:443> to <VirtualHost *:443>
    - Make sure the DocumentRoot is correct for your local server
    - Change the ServerName to localhost:443
    - Make sure SSLEngine is set to on
  - Note the certificate file paths
    - Find the SSLCertificateFile and SSLCertificateKeyFile directives
    - These lines should be uncommented (i.e., no # at the beginning of the line)
    - Note the paths and file names; these will be used later. You can change the location and file name, just make sure that the paths and names here match the actual files you create later. For these instructions we will use the following:
        SSLCertificateFile "/private/etc/ssl/server.crt"
        SSLCertificateKeyFile "/private/etc/ssl/server.key"
- Create configuration files
  - Create a file named server.csr.cnf
        sudo nano /private/etc/ssl/server.csr.cnf
  - Paste the following into server.csr.cnf, changing location and email values as needed, and then save the file
        [req]
        default_bits = 2048
        prompt = no
        default_md = sha256
        distinguished_name = dn
        [dn]
        C=US
        ST=New York
        L=Rochester
        O=End Point
        OU=Testing Domain
        emailAddress=your-administrative-address@your-awesome-existing-domain.com
        CN = localhost
  - Create a file named v3.ext
        sudo nano /private/etc/ssl/v3.ext
  - Paste the following into v3.ext, and then save the file
        authorityKeyIdentifier=keyid,issuer
        basicConstraints=CA:FALSE
        keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
        subjectAltName = @alt_names
        [alt_names]
        DNS.1 = localhost
- Generate certificates and keys
  Navigate to /private/etc/ssl/ and then perform the following:
  - Generate an RSA private key for the root CA
        sudo openssl genrsa -des3 -out /private/etc/ssl/rootCA.key 2048
    - You will be asked for a password and a few other questions
  - Generate the root certificate, which will be valid for 1024 days
        sudo openssl req -x509 -new -nodes -key /private/etc/ssl/rootCA.key -sha256 -days 1024 -out /private/etc/ssl/rootCA.pem
  - Create the private key and certificate signing request (server.csr) for the certificate
        sudo openssl req -new -sha256 -nodes -out server.csr -newkey rsa:2048 -keyout server.key -config server.csr.cnf
  - Generate the certificate
        sudo openssl x509 -req -in server.csr -CA /private/etc/ssl/rootCA.pem -CAkey /private/etc/ssl/rootCA.key -CAcreateserial -out server.crt -days 500 -sha256 -extfile v3.ext
  - To verify the certificate has the SAN (needed to work in some browsers)
        openssl x509 -text -in server.crt -noout
    - The output should contain these lines:
        X509v3 Subject Alternative Name:
            DNS:localhost
- Set Apache configurations
  - Make sure the ssl_module and socache_shmcb_module are loaded in the Apache configuration file at /usr/local/etc/httpd/httpd.conf by uncommenting the following lines:
        LoadModule ssl_module lib/httpd/modules/mod_ssl.so
        LoadModule socache_shmcb_module lib/httpd/modules/mod_socache_shmcb.so
    Note: there are different types of socache modules; uncomment the one that matches the uncommented module used in the /private/etc/apache2/extra/httpd-ssl.conf file you edited at the beginning of these instructions
  - Restart Apache
        sudo apachectl restart
- Go to https://localhost/ and see if it works!
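If Apache or the browser rejects the certificate, the script below (an added example, not part of the original instructions) checks the generated files beyond the SAN: that server.crt chains to rootCA.pem, lists DNS:localhost, is marked CA:FALSE, and belongs to server.key. The function names check_dev_cert and make_demo_chain are hypothetical, and the demo builds a throwaway chain with a passphrase-less CA key and a shortened DN so it runs unattended.

```shell
#!/bin/sh
# Added example (not from the original page): check a leaf cert, its key and the root CA.
# Usage: check_dev_cert /private/etc/ssl/server.crt /private/etc/ssl/server.key /private/etc/ssl/rootCA.pem
check_dev_cert() {
    cert=$1; key=$2; ca=$3; rc=0
    # 1. The certificate must chain to the local root CA.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo "FAIL: $cert does not verify against $ca"; rc=1; }
    text=$(openssl x509 -in "$cert" -noout -text 2>/dev/null) || text=""
    # 2. The host name must appear in the SAN (the check the page does by eye).
    printf '%s\n' "$text" | grep -q 'DNS:localhost' ||
        { echo "FAIL: subjectAltName has no DNS:localhost"; rc=1; }
    # 3. The server certificate must not itself be usable as a CA.
    printf '%s\n' "$text" | grep -q 'CA:FALSE' ||
        { echo "FAIL: basicConstraints is not CA:FALSE"; rc=1; }
    # 4. The key must be the private half of the certificate's public key.
    cpub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cpub=""
    kpub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || kpub=""
    { [ -n "$cpub" ] && [ "$cpub" = "$kpub" ]; } ||
        { echo "FAIL: $key does not match $cert"; rc=1; }
    return $rc
}

# Constructed sample: throwaway chain built with the page's v3.ext. Assumptions: the CA
# key has no passphrase and demo.cnf is a shortened config, so the demo runs unattended.
make_demo_chain() {
    dir=$1
    printf '%s\n' '[req]' 'prompt = no' 'distinguished_name = dn' 'x509_extensions = v3_ca' \
        '[dn]' 'CN = localhost' '[v3_ca]' 'basicConstraints = critical,CA:TRUE' > "$dir/demo.cnf"
    printf '%s\n' 'authorityKeyIdentifier=keyid,issuer' 'basicConstraints=CA:FALSE' \
        'keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment' \
        'subjectAltName = @alt_names' '[alt_names]' 'DNS.1 = localhost' > "$dir/v3.ext"
    openssl genrsa -out "$dir/rootCA.key" 2048 2>/dev/null &&
    openssl req -x509 -new -key "$dir/rootCA.key" -sha256 -days 2 -config "$dir/demo.cnf" \
        -subj '/CN=Demo Local Root' -out "$dir/rootCA.pem" 2>/dev/null &&
    openssl req -new -sha256 -nodes -newkey rsa:2048 -keyout "$dir/server.key" \
        -out "$dir/server.csr" -config "$dir/demo.cnf" 2>/dev/null &&
    openssl x509 -req -in "$dir/server.csr" -CA "$dir/rootCA.pem" -CAkey "$dir/rootCA.key" \
        -CAcreateserial -out "$dir/server.crt" -days 1 -sha256 -extfile "$dir/v3.ext" 2>/dev/null
}

# Stand-alone demo on the throwaway chain.
tmp=$(mktemp -d) && make_demo_chain "$tmp" &&
    check_dev_cert "$tmp/server.crt" "$tmp/server.key" "$tmp/rootCA.pem" && echo "all checks passed"
rm -rf "$tmp"
```

Each failed check prints its own FAIL line, so a mismatched key and a missing SAN are reported separately.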