Getting a Self-Signed SSLCertificate to Work in Apache (For Local Development On a Mac)

I wanted to add a new local certificate for development. It had been a while since I done it, so to the interwebs I went. It took several Stack Overflow questions to get me there. So for next time, here’s the full process:

Generate a certificate and private key

In terminal do the following command:

openssl req -x509 -newkey rsa:4096 -keyout name-of.key -out name-of.crt -days 3650

I did 10 years (3650 = 365 days x 10 years), but that is arbitrary. You’ll be given several prompts to fill such as passphrase, country, state/province and company. I filled them in because I’m a little OCD.

Decode the private key for apache to use

openssl rsa -in name-of.key -out name-of.key

Add the VirtualHost record referencing the cert and key

<VirtualHost *:443>

SSLEngine on
SSLCertificateFile “/path/to/name-of.crt”
SSLCertificateKeyFile “/path/to/name-of.key”
<FilesMatch “\.(cgi|shtml|phtml|php)$”>
SSLOptions +StdEnvVars
</FilesMatch>
</VirtualHost>

I develop in PHP. If you don’t, you’ll want to change the “FilesMatch” section.

Make sure your certificate is trusted

  1. Double-click the .cert file in Finder.
  2. Click the Add button.
  3. Open up keychain Access.
  4. Go to the Certificates category.
  5. Find your new certificate in the list and double-click it.
  6. Open up the Trust arrow.
  7. Switch “When using this certificate” to “Always trust”.
  8. Close the window and put in your password.
  9. The icon should go from a red “x” to a blue “+”.

Restart apache

sudo apachectl restart

Done

Go to the website in your browser to make sure it’s working. If not go to Stack Overflow….