Getting a Self-Signed SSLCertificate to Work in Apache (For Local Development On a Mac)
I wanted to add a new local certificate for development. It had been a while since I done it, so to the interwebs I went. It took several Stack Overflow questions to get me there. So for next time, here’s the full process:
Generate a certificate and private key
In terminal do the following command:
openssl req -x509 -newkey rsa:4096 -keyout name-of.key -out name-of.crt -days 3650
I did 10 years (3650 = 365 days x 10 years), but that is arbitrary. You’ll be given several prompts to fill such as passphrase, country, state/province and company. I filled them in because I’m a little OCD.
Decode the private key for apache to use
openssl rsa -in name-of.key -out name-of.key
Add the VirtualHost record referencing the cert and key
I develop in PHP. If you don’t, you’ll want to change the “FilesMatch” section.
Make sure your certificate is trusted
- Double-click the .cert file in Finder.
- Click the Add button.
- Open up keychain Access.
- Go to the Certificates category.
- Find your new certificate in the list and double-click it.
- Open up the Trust arrow.
- Switch “When using this certificate” to “Always trust”.
- Close the window and put in your password.
- The icon should go from a red “x” to a blue “+”.
sudo apachectl restart
Go to the website in your browser to make sure it’s working. If not go to Stack Overflow….