APACHE SSL ON MAC OSX

Goksel
Nov 3, 2014

Update 11–12–2013: According to a commenter this process also works for OSX 10.9 Mavericks.

I have recently upgraded to OSX Lion from Snow Leopard. Whilst setting up my development environment I needed to
configure the built-in Apache server to support SSL. Below are instructions on what needed to be done. Please note
that the below is based on a clean install of OSX 10.7.2. If you did an upgrade or are running a different
version of Lion, the instructions below may need to be tweaked to suit your setup.

Generate a host key

First off we’ll make a home for the new SSL files. I used /private/etc/apache2/ssl. We need to change to the
new directory and then run an ssh-keygen command to create the server key file. Open up a terminal window and enter
the commands below.
Please note that you shouldn’t set a pass phrase on the key; just leave this blank when it
asks for a pass phrase.

sudo mkdir /private/etc/apache2/ssl
cd /private/etc/apache2/ssl
sudo ssh-keygen -f server.key

Generate a certificate request file

This command creates a certificate request file. A certificate request file contains information about your
organisation that will be used in the SSL certificate. You will be asked various questions; fill these in as
appropriate or leave them blank.

sudo openssl req -new -key server.key -out request.csr

Create the SSL certificate

Create a self-signed SSL certificate using the request file.

sudo openssl x509 -req -days 365 -in request.csr -signkey server.key -out server.crt

Configure Apache

Create a backup of /private/etc/apache2/httpd.conf.

In /private/etc/apache2/httpd.conf, make sure the SSL module is enabled (remove the # from the start of the line):

LoadModule ssl_module libexec/apache2/mod_ssl.so

In the same file, search for the line below and uncomment it (remove the #):

Include /private/etc/apache2/extra/httpd-ssl.conf

Edit /private/etc/apache2/extra/httpd-ssl.conf, search for the lines that start with SSLCertificateFile and
SSLCertificateKeyFile, and update them to match the below:

SSLCertificateFile "/private/etc/apache2/ssl/server.crt"
SSLCertificateKeyFile "/private/etc/apache2/ssl/server.key"

In the same file, comment out (add a # to the beginning of the line) the lines that start with SSLCACertificatePath
and SSLCARevocationPath.

Configure the vhosts

In /private/etc/apache2/httpd.conf, search for the line below and uncomment it (remove the #):

Include /private/etc/apache2/extra/httpd-vhosts.conf

Now open /private/etc/apache2/extra/httpd-vhosts.conf and add the line below under the port 80 NameVirtualHost
directive:

NameVirtualHost *:443

Now you can configure a basic SSL vhost by adding the code below to the end of the file. Please note that you
should replace the DocumentRoot value with a real path.

<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /private/etc/apache2/ssl/server.crt
SSLCertificateKeyFile /private/etc/apache2/ssl/server.key
ServerName localhost
DocumentRoot "/some/website/directory/"
</VirtualHost>

Check the config and restart Apache

sudo apachectl configtest
sudo apachectl restart
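
The check below is an added example, not part of the original post: before Apache is restarted it confirms that server.crt was issued for server.key, that the key can be read without a pass phrase, and that the certificate is not about to expire. It assumes an openssl binary on the PATH; the function names, the /CN=localhost subject and the use of openssl genrsa in place of ssh-keygen are choices made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check a key/certificate
# pair before "apachectl restart". Paths are passed as arguments.

# Build a throwaway pair the way the post does. Assumptions: openssl genrsa
# replaces ssh-keygen, and -subj answers the CSR questions (constructed value).
make_demo_pair() {
    openssl genrsa -out "$1/server.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/server.key" -subj "/CN=localhost" \
        -out "$1/request.csr" &&
    openssl x509 -req -days 365 -in "$1/request.csr" \
        -signkey "$1/server.key" -out "$1/server.crt" 2>/dev/null
}

# check_pair KEY CRT [MIN_DAYS]
# Returns 0 = usable, 1 = key and certificate do not match,
#         2 = key or certificate cannot be parsed, 3 = certificate expires soon.
check_pair() {
    key=$1; crt=$2; min_days=${3:-30}
    # "-passin pass:" supplies an empty pass phrase, so an encrypted key fails
    # here instead of prompting (mod_ssl would otherwise ask for it at startup).
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) ||
        { echo "cannot read $key (wrong format or pass phrase set)"; return 2; }
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) ||
        { echo "cannot read $crt"; return 2; }
    # Both commands print the public key as PEM; a matching pair gives equal text.
    [ "$key_pub" = "$crt_pub" ] ||
        { echo "$crt was not issued for $key"; return 1; }
    # -checkend N exits non-zero if the certificate expires within N seconds.
    openssl x509 -in "$crt" -noout -checkend $((min_days * 86400)) >/dev/null ||
        { echo "$crt expires within $min_days days"; return 3; }
    echo "ok: $(openssl x509 -in "$crt" -noout -subject -enddate | tr '\n' ' ')"
}

# Usage: sh check_pair.sh /private/etc/apache2/ssl/server.key \
#                         /private/etc/apache2/ssl/server.crt
if [ "$#" -ge 2 ]; then check_pair "$@"; fi
```

Reading the key needs the same privileges as the commands above, so run the script with sudo when checking the files under /private/etc/apache2/ssl.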
