Jose Torres

Software Engineer. In search of the Kraken.

Recently I ran into a tutorial that explained pretty well how to set up open ssl with a self signed certificate on Mac OSX 10.7 to test https in your localhost.

Now I tweak it a little bit (just some details) to run it on Mac OSX 10.9 better known as Mavericks.

Of course this set of instructions may or may not need some adjustments to suit your environment.

Without further ado, here it is.

How to run ssl on your localhost

1. Generate the host key

We need to generate a key for the server. Remember do NOT enter a pass phrase for this key, when prompted just leave it blank.

mkdir /private/etc/apache2/ssl
cd /private/etc/apache2/ssl
sudo ssh-keygen -f server.key

2. Create the certificate request file

This file should have some info about your org that will be used in the SSL certificate. You will be asked some questions, just answer them freely.

sudo openssl req -new -key server.key -out request.csr

3. SSL Certificate

Now its time to create the self-signed certificate. You do this by executing:

sudo openssl x509 -req -days 365 -in request.csr -signkey server.key -out server.crt

4. Apache Time!

We now have the certificate and its time to configure Apache. First of all make a backup of your configuration file /private/etc/apache2/httpd.conf just in case this goes south.

4.1. Enable SSL Module

Go to /private/etc/apache2/httpd.conf and verify that SSL module is enabled (this means that the line loading the module should be uncommented) eg.

LoadModule ssl_module libexec/apache2/mod_ssl.so
#This is a comment so if the line above has the # just remove it

4.2. Include SSL conf file

In the same file as before make sure this line is uncommented too.

Include /private/etc/apache2/extra/httpd-ssl.conf

4.3. Include your previously created ssl files in the config

Now go to /private/etc/apache2/extra/httpd-ssl.conf and change these two lines:

SSLCertificateFile "/private/etc/apache2/ssl/server.crt"
SSLCertificateKeyFile "/private/etc/apache2/ssl/server.key"

4.4. Comment unnecessary lines

Same file as above. Comment (add a # at the beginning of the line) the lines that start with:

  • SSLCACertificatePath
  • SSLCARevocationPath

5. Configure the virtual host

You are almost ready just need to configure a vhost that uses your newly configured SSL.

So make sure your vhosts config file is included in /private/etc/apache2/httpd.conf

This line should be uncommented:

Include /private/etc/apache2/extra/httpd-vhosts.conf

Then go to /private/etc/apache2/extra/httpd-vhosts.conf and add NameVirtualHost *:443 below the line that says NameVirtualHost *:80

Now you can configure a SSL vhost like this:

<VirtualHost *:443>
    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile /private/etc/apache2/ssl/server.crt
    SSLCertificateKeyFile /private/etc/apache2/ssl/server.key
    ServerName somename
    DocumentRoot "/path/to/some/directory/"
</VirtualHost>

6. Restart Apache

Finally you have to restart Apache and you are all done.

sudo apachectl restart

Note: You can check apache configuration before restarting it by executing:

sudo apachectl configtest

Now you can go to https://somename and enjoy your site.

You May Also Enjoy

Why Passwords Fail?

5 minute read

Learn why even good passwords can fail, how to protect your account from breaches, and the security limitations of second factor authentication.

Simple Streaming Server with AWS

9 minute read

Learn the basic software architecture decisions we had to make to build a video streaming server using the AWS infrastructure.

Programming Fundamentals: I/O

5 minute read

This post we’ll see a few quick ways to read input from users and how to store that information, or any other, in external files.